.

Vulnerable web apps to practice on

<<

T_Bone

Full Member
Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Mon Mar 09, 2009 1:24 pm

Vulnerable web apps to practice on

Hi All

I am very new to penetration testing and am currently setting up a little virtual lab to perform tests on.  I have downloaded Foundstones hackmebank/hackmebooks etc and WebGoat, are there any other sites available that provide vulnerable apps to test?

Thanks all  :)
<<

Chan

Newbie
Newbie

Posts: 32

Joined: Thu Jun 05, 2008 4:38 am

Post Mon Mar 09, 2009 1:46 pm

Re: Vulnerable web apps to practice on

Could be an idea to download real apps the have known vulns and install them. phpVBB seems to have a long history of vulns, might be an idea to start there?

There's also the Damn Vulnerable Linux distro that has some tutorials and  specially written apps, and de-ice (which I'm currently looking at so couldn't tell you more...)

HTH

Chan
CCNA, 100m Swimming cert.
<<

sethmisenar

Newbie
Newbie

Posts: 24

Joined: Fri Feb 06, 2009 7:39 pm

Location: Jackson, MS, USA

Post Fri Mar 13, 2009 9:46 am

Re: Vulnerable web apps to practice on

Adrian Crenshaw on his site, http://www.irongeek.com,&nbsp; has a good list of intentionally vulnerable web applications. 

He even has started work on Mutillidae, which is a PHP, Apache, MySQL application that intends to illustrate the OWASP Top 10 vulnerabilities.

http://www.irongeek.com/i.php?page=secu ... p-security

Hope this helps.

Seth Misenar
GSE, CASP, CISSP, GSEC, GCIA, GCIH, GPEN, GCWN, GCFA, MCSE
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Mar 13, 2009 10:30 am

Re: Vulnerable web apps to practice on

Good suggestion. Adrian AKA Irongeek puts out some great content.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

Jhaddix

User avatar

Sr. Member
Sr. Member

Posts: 317

Joined: Wed Oct 29, 2008 10:25 pm

Post Fri Mar 13, 2009 5:33 pm

Re: Vulnerable web apps to practice on

you can also look for some old services to run that are exploitable at

http://www.oldversion.com/

and

http://www.oldapps.com/
Last edited by Jhaddix on Fri Mar 13, 2009 6:07 pm, edited 1 time in total.
<<

timmedin

User avatar

Sr. Member
Sr. Member

Posts: 469

Joined: Thu Feb 05, 2009 11:18 pm

Post Sat Mar 14, 2009 6:39 pm

Re: Vulnerable web apps to practice on

Check out HackThisSite.com. They have some great challenges.
twitter.com/timmedin | http://blog.securitywhole.com
<<

ethicalhack3r

Full Member
Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Sun Mar 15, 2009 11:26 am

Re: Vulnerable web apps to practice on

I got a mention on irongeek!  ;D
<<

T_Bone

Full Member
Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Sun Mar 15, 2009 1:30 pm

Re: Vulnerable web apps to practice on

Cheers for the responses guys, ill check these resources out

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software