There is another one by HP
http://zero.webappsecurity.com
Best Regards,
Saurabh A. Thakrar
Information Security Consultant-Global Security Operations and
Competency Center
Roche Diagnostics Operations, Inc.
9115 Hague Road, Bldg-P
Indianapolis, Indiana 46250-0457 USA
Phone: +1 317-521-4209
Mobile: +1 317-670-7560
mailto:saurabh.thakrar_at_roche.com
-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of Stevens, Scott
Sent: Friday, July 11, 2008 12:23 PM
To: John Evans; webappsec_at_securityfocus.com
Subject: RE: Web Pen Test Honeypot
I believe IBM/Watchfire (now called 'IBM Rational Scan') has a site
that's stood up exclusively for webappsec demo'ing purposes. I've seen
it used in various demos. It's globally available and I don't believe
there's any restriction on testing against it.
URL: http://www.testfire.net
Scott Stevens
Security Consultant
En Pointe Technologies
-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of John Evans
Sent: Tuesday, July 08, 2008 4:40 PM
To: webappsec_at_securityfocus.com
Subject: Web Pen Test Honeypot
Greetings,
I am in the middle of evaluating the wide variety of web security
pen-test tools that exist. I'm currently pointing each piece of software
to a site that I have written. None of the tools are finding issues.
My task right now is to find the right tool for the job, and the job is
finding web-based security issues. Either the tools are not working, or
my site is secure. I'm not willing to put money on which of the two is
true. :)
What I need is a web application that has known security issues. I would
prefer one that was intentionally written to have scanners pointed to it
for testing the scanners.
Does such a thing exist? I hope so, because I hardly have time right now
to write even the simplest web application that has all of the various
holes that I need to test for.
If someone could point me to a "web honeypot" that I could install in my
own environment I would appreciate it.
Thanks.
--
John Evans
Administrator of kilnar.com
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in
the development of any web application. What methodology should be
followed? What tools can accelerate the assessment process? Download
this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Jul 11 2008