How to Practice Your Web Application Testing Skills

For those who are learning web application security testing (or just trying to stay sharp), it's often difficult to find quality websites on which to test one's skills. There are a few scattered around the Internet (see the link in the notes section below), but it would be nice to have a solid collection of test sites all in one place.


Aside from finding them all, another problem with most of these sites is that while you can download them for free, they often require some fairly significant configuration. There should be a counter somewhere that shows how much time has been wasted trying to get WebGoat to run, for example.


There is a project that solves both of these problems simultaneously: The OWASP Broken Web Applications Project. It collects a ton of broken web apps into a single project and accomplishes a few major things:


  1. Aggregation: there are over a dozen broken apps--some broken on purpose and some old versions of real software.
  2. Preconfiguration: they all work the way they're supposed to--every time.
  3. Virtualization: they run from a virtual machine, so you simply run the VM and go.

The project includes the following apps (screenshot from the home screen):

[Screenshot: OWASPBWA.png, the OWASP BWA home screen listing the included applications]


That is a ton of apps, and as I said, they actually work. You click the link as you see it above in the screenshot and you've landed on the start URL for your target. Fire up your browser, your proxy tool of choice, your favorite web scanners, etc. and you're on your way. It's projects like these that make me happy to contribute to OWASP every year.


Enjoy!


Notes

1 Be sure to run this VM in an isolated environment so that its intentionally vulnerable applications are not exposed to a sensitive network. Running the VM in a NAT configuration is one option.

2 I've also compiled a list on my own site that includes a collection of the web-facing vulnerable web apps provided by vendors, as well as a number of webappsec tools and suites.
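As an added example (not part of the original post) of the isolation check in note 1: a POSIX shell script that refuses to call a VirtualBox VM "isolated" unless every network adapter is NAT or disabled, parsing the output of VirtualBox's `VBoxManage showvminfo --machinereadable`. The VM name `OWASP-BWA` is a placeholder and the two sample outputs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: confirm that a VirtualBox VM
# (here the OWASP BWA image) has no network adapter attached to the real LAN
# before booting it. Assumes VirtualBox's VBoxManage; the VM name is a placeholder.

# nat_only TEXT
#   TEXT is output in the format of `VBoxManage showvminfo <vm> --machinereadable`.
#   Every nicN="..." line must be "nat" or "none"; anything else (bridged,
#   hostonly, intnet, ...) is printed and the function returns 1.
nat_only() {
    printf '%s\n' "$1" | awk -F'"' '
        BEGIN { bad = 0 }
        /^nic[0-9]+="/ && $2 != "nat" && $2 != "none" {
            print "non-NAT adapter: " $0
            bad = 1
        }
        END { exit bad }'
}

# check_vm VMNAME: query VirtualBox and apply the check to the live configuration.
check_vm() {
    info=$(VBoxManage showvminfo "$1" --machinereadable) || return 2
    nat_only "$info"
}

# Constructed sample output (only the lines the check looks at).
SAMPLE_NAT='name="OWASP-BWA"
nic1="nat"
nic2="none"
nic3="none"
nic4="none"'

SAMPLE_BRIDGED='name="OWASP-BWA"
nic1="bridged"
bridgeadapter1="eth0"
nic2="hostonly"
nic3="none"'

# Run the constructed samples; the live check runs only when VBoxManage is present.
if nat_only "$SAMPLE_NAT"; then echo "sample 1: isolated (NAT only)"; fi
if ! nat_only "$SAMPLE_BRIDGED"; then echo "sample 2: NOT isolated, fix before booting"; fi
if command -v VBoxManage >/dev/null 2>&1; then
    check_vm "OWASP-BWA" && echo "OWASP-BWA: isolated (NAT only)"
fi
```

Run it before starting the VM; a bridged or host-only adapter is reported by name so it can be switched to NAT in the VM's settings first.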
