Re: Mock Penentration Test Site

From: Skander Ben Mansour (securityfocus@benmansour.net)
Date: Fri Aug 20 2004 - 06:37:44 EDT

• Next message: Bénoni MARTIN: "Securing web site with redundancy ?"
• Previous message: R. DuFresne: "Re: Odd server side scripts source disclosure vulnerability"
• In reply to: jwoloz: "Mock Penentration Test Site"
• Next in thread: Clement Dupuis: "RE: Mock Penentration Test Site"
• Reply: Clement Dupuis: "RE: Mock Penentration Test Site"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Jason,

David Rhoades, who teaches at SANS, developed a fake banking website
that intentionally includes several vulnerabilities.

I believe you can use and modify the code under the GPL. It is available
at the following link:

http://www.mavensecurity.com/webmaven

 From the author web site:
"WebMaven (better known as Buggy Bank) is an interactive learning
environment for web application security. It emulates various security
flaws for the user to find. This will enable users to safely & legally
practice web application vulnerability assessment techniques. In
addition, users can benchmark their security audit tools to ensure they
perform as advertised. "

I hope it helps.

Best Regards,

Skander Ben Mansour, CISSP

---
http://www.benmansour.net/
jwoloz wrote:
> Hey All
> I am trying to create a Red Teaming Exercise and I was wondering if anyone knows of a full site I can download that will.  Anything will do as an example, with CGI, PHP, JSP , ASP, forms and database.  Basically anything that will resemble a real site with real vulnerabilities.  i dotn have the time to build a fully functioning site from scratch and no one at work wants to give me one.  Can anyone help?
> -Jason
> 
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
> 
> http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
> -------------------------------------------------------------------------------
> 
> 
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.
http://www.securityfocus.com/sponsor/InfoSecInstitute_pen-test_040817
-------------------------------------------------------------------------------

• Next message: Bénoni MARTIN: "Securing web site with redundancy ?"
• Previous message: R. DuFresne: "Re: Odd server side scripts source disclosure vulnerability"
• In reply to: jwoloz: "Mock Penentration Test Site"
• Next in thread: Clement Dupuis: "RE: Mock Penentration Test Site"
• Reply: Clement Dupuis: "RE: Mock Penentration Test Site"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:59 EDT