Web Applications Security

Tag: web-security Author: hho888 Date: 2010-09-22

Hi, does anybody know of any other programs similar to WebGoat for the demonstration of web application security flaws?

Other Answer1

The big ones I would think of would be Fortify and HP WebInspect.

Fortify will scan the source code and find potential vulnerabilities. HP WebInspect will scan/brute force a website in production and find/report actual vulnerabilities.

Both require a fairly expensive license.

Other Answer2

There are plenty of them. Some hosted, some for local installation. Some targeted more to teaching about web security, others for testing. Fortunately some folks already made some lists:

http://slogic.net/training/vulnerable-web-applications-to-learn-web-application-testing-skills

http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning

http://www.owasp.org/index.php/Phoenix/Tools#Testing_grounds

I personally would start with Google Gruyere (http://google-gruyere.appspot.com/).

Other Answer3

There is a really good list in here: http://ha.ckers.org/blog/20090406/hacking-without-all-the-jailtime/

Other Answer4

Take a look at:

Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.