Vulnerable Web Applications to Learn Web Application Testing Skills
I have often seen that beginners who want to pursue a career in application security have little hands-on experience in testing web applications. The links below will help them learn and improve their skills in application security testing.
Vulnerable Web Applications
1) Jarlsberg App
http://jarlsberg.appspot.com/start
2) OWASP Broken Web Applications project
http://code.google.com/p/owaspbwa/wiki/ProjectSummary
Intentionally Vulnerable Applications:
• OWASP WebGoat version 5.3-SNAPSHOT (Java)
• OWASP Vicnum version 1.4 (PHP/Perl)
• Mutillidae version 1.3 (PHP)
• Damn Vulnerable Web Application version 1.06 (PHP)
• Ghost (PHP)
• Peruggia version 1.2 (PHP)
• OWASP CSRFGuard Test Application version 2.2 (Java)
• OWASP AppSensor Demo Application (Java)
• Mandiant Struts Forms (Java/Struts)
• Simple ASP.NET Forms (ASP.NET/C#)
• Simple Form with DOM Cross Site Scripting (HTML/JavaScript)
Old Versions of Real Applications:
• WordPress 2.0.0 (PHP, released December 31, 2005, downloaded from www.oldapps.com)
• phpBB 2.0.0 (PHP, released April 4, 2002, downloaded from www.oldapps.com)
• Yazd version 1.0 (Java, released February 20, 2002)
3) Web Security Dojo
http://www.mavensecurity.com/web_security_dojo/
Targets include:
• OWASP's WebGoat
• Damn Vulnerable Web App
• Hacme Casino
• OWASP InsecureWebApp
• Simple training targets by Maven Security (including REST and JSON)
Tools:
• Burp Suite (free version)
• w3af
• OWASP Skavenger
• OWASP DirBuster
• Paros
• WebScarab
• Ratproxy
• sqlmap
• Helpful Firefox add-ons
4) SPI Dynamics (live) – http://zero.webappsecurity.com/
5) Cenzic (live) – http://crackme.cenzic.com/
6) Watchfire (live) – http://demo.testfire.net/
7) Acunetix (live) – http://testphp.acunetix.com/ , http://testasp.acunetix.com , http://testaspnet.acunetix.com
8) PCTechtips Challenge (live) – http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/
9) The Butterfly Security Project – http://sourceforge.net/projects/thebutterflytmp/files/ButterFly%20Project
10) Hacme Casino – http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
11) Hacme Bank 2.0 – http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
12) Updated HacmeBank – http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
14) Hacme Books – http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
15) Hacme Travel – http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
16) Hacme Shipping – http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
17) OWASP SiteGenerator – http://www.owasp.org/index.php/Owasp_SiteGenerator
18) Moth – http://www.bonsai-sec.com/en/research/moth.php
19) Stanford SecuriBench – http://suif.stanford.edu/~livshits/securibench/
20) SecuriBench Micro – http://suif.stanford.edu/~livshits/work/securibench-micro/
21) BadStore – http://www.badstore.net/
22) WebMaven/Buggy Bank – http://www.mavensecurity.com/webmaven