1 comments
Tuesday, February 23, 2010
A lot of tweets today informed me about launch of Damn Vulnerable Web App (DVWA) which is basically an aid for security professionals to test their skills and tools and help web developers better understand the processes of securing web applications.
I had an old list of tools/plug-ins/utilities etc which can be helpful while playing with DVWA and I'd like to share the same for you to learn WebApp Security better.
Proxy Servers:
WebScarab: http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project#Download
Burp: http://www.portswigger.net/suite/download.html
Paros: http://www.parosproxy.org/download.shtml
Firefox Plugins: [ https://addons.mozilla.org/en-US/firefox/collection/webappsec ]
Tamper Data: https://addons.mozilla.org/en-US/firefox/addon/966
SwitchProxy: https://addons.mozilla.org/en-US/firefox/addon/125
SQL Inject Me: https://addons.mozilla.org/en-US/firefox/addon/7597
XSS Me: https://addons.mozilla.org/en-US/firefox/addon/7598
NoScript: http://noscript.net/getit
ShowIP: https://addons.mozilla.org/en-US/firefox/addon/590
ViewStatePeeker: https://addons.mozilla.org/en-US/firefox/addon/7167
LiveHTTPHeader: https://addons.mozilla.org/en-US/firefox/addon/3829
Injection Tools:
SQLMap: http://sqlmap.sourceforge.net/
SQLNinja: http://sqlninja.sourceforge.net/
Pangolin: http://www.nosec.org/en/pangolin.html
Some other HACKMEs:
WebGoat: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824&release_id=613045
Foundstone Hacme Series: http://www.foundstone.com/us/resources-free-tools.asp
While doing webapp security testing, how can someone forget rsnake. Check out http://ha.ckers.org/ & specially his list of jailfree hacking sites @ http://ha.ckers.org/blog/20090406/hacking-without-all-the-jailtime
Happy Hacking
