Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: WAF Testing..suggestions??
From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Wed, 1 Sep 2010 18:45:44 +0300

Hi False,

You can also try Http Parameter Pollution (HPP) attacks
http://www.securitytube.net/HTTP-Parameter-Pollution-%28HPP%29-Attack-video.aspx

Cheers,
Ioannis (Yiannis) Koukouras
CISSP, CISA, CISM
MSc in Computer Systems Security
BEng in Electronic Engineering
http://www.linkedin.com/in/ikoukouras
---
The information contained in this communication is intended solely
for  the  use  of the individual or entity to whom it is addressed
and others authorized to receive it.  It may  contain confidential
or legally privileged information.  If  you  are  not the intended
recipient you are hereby notified that  any  disclosure,  copying,
distribution  or  taking any action in reliance on the contents of
this  information  is  strictly  prohibited  and  may be unlawful.

If you have received this communication in error, please notify the
sender immediately  by  responding  to this email and then delete
 it from your system.


On Fri, Aug 27, 2010 at 10:59 PM, Dotzero <dotzero () gmail com> wrote:

Try waffit - http://code.google.com/p/waffit/source/checkout

On Mon, Aug 23, 2010 at 11:16 AM, false <jctx09 () yahoo com> wrote:
I need to test my WAF. I want to set up a simple network in the lab like this:
XP or Linux client <--> WAF <--> Honeypot/test webserver

1) Does anyone have any suggestions on what I can use to simulate/generate attacks/suspicous traffic towards the 
weberver from my client?

2) Is there a honeypot image out there that I can download that would be good to be the role of my test
webserver?

Any suggestions or ideas are very much appreciated.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB 
CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]