
DVWA-1.0.7 (Vulnerable web application to practice)


dEEpEst


 

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

 

 


 

 

Official page:

 

 

Download:


Re: DVWA-1.0.7 (Vulnerable web application to practice)

 

Hey there web pentesting enthusiasts! For today’s post, I decided to share my very own lists of common vulnerable web applications that are built by man and tested by nature for web penetration testing and hacking:


DVWA (Damn Vulnerable Web Application) - this vulnerable PHP/MySQL web application is one of the famous web applications used for testing your skills in web penetration testing and your knowledge in manual SQL Injection, XSS, Blind SQL Injection, etc. DVWA is developed by Ryan Dewhurst a.k.a ethicalhack3r and is part of RandomStorm OpenSource project. Link:


Mutillidae - is a free and open source web application for website penetration testing and hacking which was developed by Adrian “Irongeek” Crenshaw and Jeremy “webpwnized” Druin. It is designed to be exploitable and vulnerable and ideal for practicing your Web Fu skills like SQL injection, cross site scripting, HTML injection, Javascript injection, clickjacking, local file inclusion, authentication bypass methods, remote code execution and many more based on OWASP (Open Web Application Security) Top 10 Web Vulnerabilities. Link:


SQLol - is a configurable SQL injection testbed which allows you to exploit SQLI (Structured Query Language Injection) flaws, but furthermore allows a large amount of control over the manifestation of the flaw. This application was released at Austin Hackers Association meeting 0x3f by Daniel “unicornFurnace” Crowley of Trustwave Holdings, Inc. – Spider Labs. Link:


Hackxor - a web application hacking game developed by albino. It is a game where players must locate and exploit vulnerabilities to progress through the story wherein you play as a blackhat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross Site Scripting(XSS), Cross Site Request Forgery(CSRF), Structured Query Language Injection (SQLi), Remote Command Injection(RCE), and many more. It’s also a web application running on Fedora 14. Link:


The BodgeIt Store - is an open source and vulnerable web application which is currently aimed at people who are new to web penetration testing. It is easy to install and requires Java and a servlet engine, e.g. Tomcat. It includes vulnerabilities like Cross Site Scripting, SQL injection, Hidden (but unprotected) content, Debug Code, Cross Site Request Forgery, Insecure Object References, and Application logic vulnerabilities. Link:


Exploit KB / exploit.co.il Vulnerable Web App - is one of the most famous vulnerable web apps designed as a learning platform to test various SQL injection techniques and it is a functional web site with a content management system based on fckeditor. This web application is also included in the

LINK:

WackoPicko - is a vulnerable web application written by Adam Doupé. It contains known and common vulnerabilities for you to harness your web penetration skills and knowledge like XSS vulnerabilities, SQL injections, command-line injections, sessionID vulnerabilities, file inclusions, parameters manipulation, Reflected XSS Behind JavaScript, Logic Flaw, Reflected XSS Behind a Flash Form, and Weak usernames or passwords. It was first used for the paper

Link:

WebGoat - is an OWASP project and a deliberately insecure J2EE web application designed to teach web application security lessons and concepts. What’s cool about this web application is that it lets users demonstrate their understanding of a security issue by exploiting a real vulnerability in the application in each lesson. Link:


OWASP Hackademic Challenges Project - is another OWASP Project that helps you test your knowledge on web application security. You can use it to attack web applications in a realistic but also controllable and safe environment. Currently, there are 10 web application security scenarios available for you to hack. Link:


XSSeducation – is a set of Cross Site Scripting attack challenges for people just learning about XSS to people who just want a good place to practice their already awesome skills. Various realistic challenges have been included for practice and it is still under development by AJ00200 but can already be downloaded.


 

Enjoy!
