Re: Mock Penetration Test Site

From: Robert Rich (rrich@gstisecurity.com)
Date: Thu Aug 19 2004 - 20:50:47 EDT


WebGoat at OWASP is one option with a J2EE flavor... I've never used it myself,
so I can't vouch for its effectiveness...but the OWASP folks seem to work pretty
hard at putting quality stuff together.

http://www.owasp.org/software/webgoat.html

Quoting Tim <tim-pentest@sentinelchicken.org>:

> > I am trying to create a Red Teaming Exercise and I was wondering if
> > anyone knows of a full site I can download that will. Anything will
> > do as an example, with CGI, PHP, JSP, ASP, forms and database.
> > Basically anything that will resemble a real site with real
> > vulnerabilities. I don't have the time to build a fully functioning
> > site from scratch and no one at work wants to give me one. Can anyone
> > help?
>
> Well, you could always set up an installation of PHPNuke or PHPbb. They
> seem to have plenty of holes in them already for you to exploit... ;-)
>
> Even if their current versions are well-patched, I am sure it would be
> easy to slip in a few XSS and SQL injection holes.
>
> tim
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
>
> -------------------------------------------------------------------------------
>
>

--
Robert Rich
Global Security Technologies, Inc.
Mobile: 614.975.7549
Office: 614.890.6400


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT