Secure Coding mailing list archives
Web Application Exploits and Defenses
From: floodeen at gmail.com (Rob Floodeen)
Date: Wed, 5 May 2010 10:32:15 -0400
On the same subject, I'm looking for something along this line (and that of hacme). However, I need it to be able to:

1. Work on current MS Products
2. Store its data to a remote database
3. Be accessible from remote systems
4. Clean target space

Why? I need an external corporate webserver that is vulnerable for some training I'm working on. Currently we are using some handwritten HTML and PHP that feeds into MSSQL. It works, but is not exciting or current. We explored the hacme, maven, webgoat (actually use it as a secondary target in the DMZ), etc. But have not found anything that simulates enterprise-level operation.

If you would like more detail on what we are building and how, drop me a mail, I don't wish to spam the list.

-Rob Floodeen

On Wed, May 5, 2010 at 9:44 AM, Kenneth Van Wyk <ken at krvw.com> wrote:
> The folks at Google have released some web app training, along with a vulnerable web app sandbox to play in. The tool is called Jarlsberg. Anyone here take a look at it yet, and have an opinion about it?
>
> The description (see below) sounds kinda sorta like OWASP's WebGoat, except that the vulnerable app itself is written in Python. Oh, and the app is available on the web, as well as in source code (under Creative Commons).
>
> http://jarlsberg.appspot.com/
>
> There's also an instructor's guide available at:
> http://code.google.com/edu/submissions/jarlsberg/Jarlsberg_Instructor_Guide.pdf
>
> Cheers,
>
> Ken
>
> -----
> Kenneth R. van Wyk
> KRvW Associates, LLC
> http://www.KRvW.com
>
> Follow us on Twitter at: http://twitter.com/KRvW_Associates
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L at securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates