Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



WebApp Sec: Re: Web Pen Test Honeypot

Re: Web Pen Test Honeypot

From: Jamie Riden <jamie.riden_at_gmail.com>
Date: Fri, 11 Jul 2008 14:18:52 +0100

2008/7/8 John Evans <admin_at_kilnar.com>:
> Greetings,
>
> I am in the middle of evaluating the wide variety of web security
> pen-test tools that exist. I'm currently pointing each piece of software
> to a site that I have written. None of the tools are finding issues.
>
> My task right now is to find the right tool for the job, and the job is
> finding web-based security issues. Either the tools are not working, or
> my site is secure. I'm not willing to put money on which of the two is
> true. :)
>
> What I need is a web application that has known security issues. I would
> prefer one that was intentionally written to have scanners pointed to it
> for testing the scanners.
>
> Does such a thing exist? I hope so, because I hardly have time right now
> to write even the simplest web application that has all of the various
> holes that I need to test for.
>
> If someone could point me to a "web honeypot" that I could install in my
> own environment I would appreciate it.

Try:
http://www.foundstone.com/us/resources/proddesc/hacmebank.htm
or one of the older versions of awstats, phpBB, or phpNuke that had
issues (SQL injection, command injection, php code injection.)

Tools may show up some faults, but they won't find them all - but to be sure
you should really do a source code audit.

cheers,
 Jamie 

-- 
Jamie Riden / jamesr_at_europe.com / jamie_at_honeynet.org.uk
UK Honeynet Project: http://www.ukhoneynet.org/
-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! 
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Jul 11 2008
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos