PHP/MySQL 로 구성된 취약성 진단 테스트 구축 사이트 "DVWA"
레벨이 3단계로 구성되어 있으며, 레벨별로 취약성을 발견하기 어려워 집니다.
레벨별 소스 코드도 비교할 수 있어 Secure Coding 이해에 도움이 되실 것 같습니다.
| OWASP Top 10 Tools and Tactics (0) | 2011.09.01 |
|---|---|
| Pentesting Vulnerable Study Frameworks Complete List (0) | 2011.09.01 |
OWASP Top 10 에 대한 소개 및 진단 툴에 대해 소개하고 있다.
나름 여기서 손에 익은 연장을 사용하면 된다. ^^;
자세한 건 링크...
http://resources.infosecinstitute.com/owasp-top-10-tools-and-tactics/
| Damn Vulnerable Web App (DVWA) (0) | 2011.09.01 |
|---|---|
| Pentesting Vulnerable Study Frameworks Complete List (0) | 2011.09.01 |
공부하시는 학생들에게 좋은 자료가 될 것 같습니다.
May 10th, 2011
It’s very difficult for the beginner security analyst, mainly the ones interested in the area of pentesting, to find good study pentesting resources. Starting from the principle that in pentesting there are many other sub areas of study, it becomes more and more difficult to choose and then find a proper pentesting study application.
As the beginner knows nearly nothing it became very difficult to prepare a Home Pentesting Lab for study, once that beginners has to know something about coding a vulnerable application fisrt, then exploit them.
Thinking about that i’ve decided to gather a list, the most complete I could, with all vulnerable pentesting tools I could find. They are categorized based on the type of application like Web Pentesting, War Games and Insecure Distributions. Due to the amount of tools I won’t be doing any previews because it would delay this post a lot and make it a little boring to read. I’m gonna review every tool with complete labs later on in future posts.
As I don’t know every pentesting tool in the planet, feel free to contact me if you remember any application, in fact I would much appreciate it. And I apologize if I miscategorized some of them, feel free to tell me when I’ve done that so i can correct that.
Note that this post intends to show only vulnerable applications used to be exploited, not the tools used to exploit them.
Web Pentesting
War Games
| Application Name | Company / Developer | URL |
| Hell Bound Hackers | Hell Bound Hackers | http://hellboundhackers.org/ |
| Vulnerability Assessment | Kevin Orrey | http://www.vulnerabilityassessment.co.uk/ |
| Smash the Stack | Smash the Stack | http://www.smashthestack.org/ |
| Over the Wire | Over the Wire | http://www.overthewire.org/wargames/ |
| Hack This Site | Hack This Site | http://www.hackthissite.org/ |
| Hacking Lab | Hacking Lab | https://www.hacking-lab.com/ |
| We Chall | We Chall | https://www.wechall.net/ |
| REMnux | REMnux | http://zeltser.com/remnux/ |
Insecure Distributions
| Application Name | Company / Developer | URL |
| Damm Vulnerable Linux | DVL | http://www.damnvulnerablelinux.org/ |
| Metasploitable | Offensive Security | http://blog.metasploit.com/2010/05/introducing-metasploitable.html |
| de-ICE | Hacker Junkie | http://www.de-ice.net/ |
| Moth | Bonsai Security Software | http://www.bonsai-sec.com/en/research/moth.php |
| PwnOS | Niel Dickson | http://www.neildickson.com/os/ |
| Holynix | Pynstrom | http://pynstrom.net/holynix.php |
Have fun !!!
[출처] http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/
| Damn Vulnerable Web App (DVWA) (0) | 2011.09.01 |
|---|---|
| OWASP Top 10 Tools and Tactics (0) | 2011.09.01 |
|
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 |
DVWA-1.0.7.zip
