How to Practice Your Web Application Testing Skills

Reposted 2012-03-21 10:18:34

For those who are learning web application security testing (or just trying to stay sharp) it's often difficult to find quality websites to test one's skills. There are a few scattered around the Internet (see the link in the notes section below) but it would be nice to have a solid collection of test sites all in one place.


Aside from finding them all, another problem with most of these sites is that you can download them for free but they often require some fairly significant configuration. There should be a counter somewhere that shows how much time has been wasted trying to get WebGoat to run, for example.


There is a project that solves both of these problems simultaneously: The OWASP Broken Web Applications Project. It collects a ton of broken web apps into a single project and accomplishes a few major things:


  1. Aggregation: there are over a dozen broken apps--some broken on purpose and some old versions of real software.
  2. Preconfiguration: they all work the way they're supposed to--every time.
  3. Virtualization: they run from a virtual machine, so you simply run the VM and go.

The project includes the following apps (screenshot from the home screen):


That is a ton of apps, and as I said, they actually work. You click the link as you see it above in the screenshot and you've landed on the start URL for your target. Fire up your browser, your proxy tool of choice, your favorite web scanners, etc. and you're on your way. It's projects like these that make me happy to contribute to OWASP every year.

1. Be sure to run this VM in a secure environment to avoid introducing vulnerabilities into a sensitive network. Running the VM in a NAT configuration is one option.

2. I've also compiled a list on my own site that includes a collection of the web-facing vulnerable web apps provided by vendors, as well as a number of webappsec tools and suites.
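As an added example (not part of the original post and not code from the OWASP project), here is a small Python check for the isolation that note 1 asks for: before booting a deliberately vulnerable VM, confirm that none of its network adapters is bridged onto a real LAN. It assumes the VM runs under VirtualBox and parses the output of `VBoxManage showvminfo <vm> --machinereadable`, where each adapter appears as a line such as `nic1="nat"`; the VM name `owaspbwa` and the sample output embedded below are constructed for offline use.

```python
"""Audit a VirtualBox VM's network adapters before booting a deliberately
vulnerable guest such as OWASP BWA.

Hypothetical helper, not part of the OWASP project. It assumes VirtualBox
and parses `VBoxManage showvminfo <vm> --machinereadable`, whose adapter
lines look like nic1="nat", nic2="bridged", nic3="none".
"""
import re
import subprocess

# Attachment types that keep the guest off the surrounding LAN. Anything else
# (bridged, generic, or an unknown value) is treated as exposed.
ISOLATED = {"nat", "natnetwork", "hostonly", "intnet", "none", "null"}

# Constructed sample of showvminfo output: adapter 1 is bridged onto the
# host's LAN, adapter 2 is NAT, adapter 3 is disabled.
SAMPLE_INFO = '''name="owaspbwa"
nic1="bridged"
bridgeadapter1="en0"
nic2="nat"
nic3="none"
'''

NIC_RE = re.compile(r'^nic(\d+)="([^"]*)"$', re.MULTILINE)


def parse_nics(info: str) -> dict[int, str]:
    """Return {adapter_index: attachment_type} from machine-readable output."""
    return {int(m.group(1)): m.group(2) for m in NIC_RE.finditer(info)}


def exposed_adapters(info: str) -> list[int]:
    """Adapter indices whose attachment would put the guest on a real network."""
    return sorted(i for i, kind in parse_nics(info).items() if kind not in ISOLATED)


def audit_vm(vm_name: str) -> list[int]:
    """Query a live VM (VirtualBox assumed) and return its exposed adapters."""
    out = subprocess.run(
        ["VBoxManage", "showvminfo", vm_name, "--machinereadable"],
        capture_output=True, text=True, check=True,
    ).stdout
    return exposed_adapters(out)


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in
    # audit_vm("owaspbwa") to check a real VM.
    bad = exposed_adapters(SAMPLE_INFO)
    if bad:
        print(f"exposed adapters (fix before booting): {bad}")
    else:
        print("all adapters isolated")
```

Run it before starting the VM; a non-empty result means an adapter is attached in a way that lets the vulnerable guest reach, and be reached from, the surrounding network, which is exactly what note 1 warns against.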
