Re: [WEB SECURITY] learning hacking techniques
- From: Robert Portvliet <robert.portvliet@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] learning hacking techniques
- Date: Sat, 21 Nov 2009 11:04:12 -0500
There's also Mutillidae, "A Deliberately Vulnerable Set Of PHP Scripts
That Implement The OWASP Top 10"
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
2009/11/20 Steve Pinkham <steve.pinkham@xxxxxxxxx>:
> DVWA is another good target to learn off of.
>
> If you're looking for an easy way to get started, you can use Samurai WTF
> for tools and online targets or moth.
>
> Also, we've started a training project called Web Security Dojo which is a
> VM image with tools, targets, and most importantly documentation installed.
> It doesn't have as many tools as Samurai, but it has what we consider the
> best in class of tools that are useful for learning web app testing.
>
> As for documentation, OWASP's testing guide is the best free resource I know
> of for learning, and Portswigger's Web Application Hackers Handbook is the
> best I've found at any price.
>
> Hope that helps!
>
> Steve
> Vance, Michael wrote:
>>
>> Miguel-
>>
>> The Open Web Application Security Project (OWASP, http://www.owasp.org) is
>> your friend. They have a ton of information on any Web App vulnerability
>> you could ask for. Their main page on XSS is
>> http://www.owasp.org/index.php/Cross_Site_Scripting_Flaw. They also have
>> links to other resources.
>>
>> OWASP also maintains a "practice" environment called WebGoat
>> (http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project).
>>
>> The other "classic" vulnerable Web App is Hacme Bank, maintained by
>> Foundstone. It can be found here:
>> http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
>>
>> Good luck!
>>
>> -Michael
>>
>> -----Original Message-----
>> From: Miguel González Castaños [mailto:miguel_3_gonzalez@xxxxxxxx]
>> Sent: Friday, November 20, 2009 12:09 PM
>> To: websecurity@xxxxxxxxxxxxx
>> Subject: [WEB SECURITY] learning hacking techniques
>>
>> Hi,
>>
>> I'm starting a course in computer security and I see that there are
>> some websites like hacklabs that can be used for learning hacking
>> techniques. However, it seems the registration process doesn't work.
>>
>> I'm looking in general for:
>>
>> - any clear free documentation about hacking techniques, not only
>> teaching concepts but giving you examples.
>> - any website or any sandbox (maybe a virtual appliance) where you can
>> practice those concepts.
>>
>> In particular:
>>
>> - I'm looking for documentation of how to do an XSS attack. It's part of
>> my course (a company course) and the truth is that the documentation is not
>> very clear.
>>
>> Thanks in advance
>>
>> Miguel
>>
>>
>> ----------------------------------------------------------------------------
>> Join us on IRC: irc.freenode.net #webappsec
>>
>> Have a question? Search The Web Security Mailing List Archives:
>> http://www.webappsec.org/lists/websecurity/archive/
>>
>> Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
>>
>> Join WASC on LinkedIn
>> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
>>
>>
>
>
> --
> | Steven E. Pinkham |
> | Security Researcher, Maven Security |
> | http://www.mavensecurity.com |
> | GPG public key ID CD31CAFB |
>
Brought to you by http://www.webappsec.org