WebApp Sec mailing list archives
RE: Web Pen Test Honeypot
From: "Thakrar, Saurabh" <saurabh.thakrar () roche com>
Date: Fri, 11 Jul 2008 14:53:48 -0400
There is another one by HP

http://zero.webappsecurity.com

Best Regards,

Saurabh A. Thakrar
Information Security Consultant-Global Security Operations and Competency Center
Roche Diagnostics Operations, Inc.
9115 Hague Road, Bldg-P
Indianapolis, Indiana 46250-0457 USA
Phone: +1 317-521-4209
Mobile: +1 317-670-7560
mailto:saurabh.thakrar () roche com

Confidentiality Note: This message is intended only for the use of the named recipient(s) and may contain confidential and/or proprietary information. If you are not the intended recipient, please contact the sender and delete this message. Any unauthorized use of the information contained in this message is prohibited.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Stevens, Scott
Sent: Friday, July 11, 2008 12:23 PM
To: John Evans; webappsec () securityfocus com
Subject: RE: Web Pen Test Honeypot

I believe IBM/Watchfire (now called 'IBM Rational Scan') has a site that's stood up exclusively for webappsec demo'ing purposes. I've seen it used in various demos. It's globally available and I don't believe there's any restriction on testing against it.

URL: http://www.testfire.net

Scott Stevens
Security Consultant
En Pointe Technologies

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of John Evans
Sent: Tuesday, July 08, 2008 4:40 PM
To: webappsec () securityfocus com
Subject: Web Pen Test Honeypot

Greetings,

I am in the middle of evaluating the wide variety of web security pen-test tools that exist. I'm currently pointing each piece of software to a site that I have written. None of the tools are finding issues. My task right now is to find the right tool for the job, and the job is finding web-based security issues. Either the tools are not working, or my site is secure. I'm not willing to put money on which of the two is true. :)

What I need is a web application that has known security issues. I would prefer one that was intentionally written to have scanners pointed to it for testing the scanners. Does such a thing exist? I hope so, because I hardly have time right now to write even the simplest web application that has all of the various holes that I need to test for.

If someone could point me to a "web honeypot" that I could install in my own environment I would appreciate it.

Thanks.

--
John Evans
Administrator of kilnar.com

-------------------------------------------------------------------------
Sponsored by: Watchfire

Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Current thread:
- Web Pen Test Honeypot John Evans (Jul 11)
- Re: Web Pen Test Honeypot Thanasis Kostopoulos (Jul 11)
- Re: Web Pen Test Honeypot Jeff Robertson (Jul 11)
- Re: Web Pen Test Honeypot Thanasis Kostopoulos (Jul 15)
- Re: Web Pen Test Honeypot Jeff Robertson (Jul 11)
- Re: Web Pen Test Honeypot Jamie Riden (Jul 11)
- Re: Web Pen Test Honeypot Mathias Huber (Jul 11)
- RE: Web Pen Test Honeypot Paul Melson (Jul 11)
- Re: Web Pen Test Honeypot James Landis (Jul 11)
- RE: Web Pen Test Honeypot Alex Eden (Jul 15)
- RE: Web Pen Test Honeypot Stevens, Scott (Jul 11)
- RE: Web Pen Test Honeypot Thakrar, Saurabh (Jul 11)
- <Possible follow-ups>
- Re: RE: Web Pen Test Honeypot mike (Jul 17)
- Re: Web Pen Test Honeypot Thanasis Kostopoulos (Jul 11)