Re: Opinions of automated testers

From: Joey Peloquin (joeyp@cotse.net)
Date: Thu May 10 2007 - 09:53:43 EDT


Benny Tsai wrote:
> Another option is setting up WebGoat as a pen-test playground:
>
> http://www.owasp.org/index.php/OWASP_WebGoat_Project
>
> -Benny
WebGoat is absolutely terrible for evaluating automated scanners. It's
intended as a training tool, not an evaluation platform (for now, at least).
If you rely on it alone, you won't be happy with any scanner on the market.

Other than SPI and Cenzic's test sites, I'd take the advice of our other
peers that have recommended the Hacme* line of test apps. If you're savvy,
you could also try to get your own running with the OWASP SiteGenerator
[http://www.owasp.org/index.php/Owasp_SiteGenerator].

Good luck!
 -jp


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:47 EDT