Sunday, June 7, 2009

Local wargame: WebGoat

WebGoat is an OWASP project intended to teach security and hacking concepts for web systems.


Exercises:

General:
  HTTP Basics
  HTTP Splitting and Cache Poisoning
  How to Exploit Thread Safety Problems
  How to add a new WebGoat lesson

Code Quality:
  How to Discover Clues in the HTML

Unvalidated Parameters:
  How to Exploit Hidden Fields
  How to Exploit Unchecked Email
  How to Bypass Client Side JavaScript Validation

Broken Access Control:
  Using an Access Control Matrix
  How to Bypass a Path Based Access Control Scheme
  How to Perform Cross Site Request Forgery (CSRF)
  LAB: Role based Access Control
  Remote Admin Access

Broken Authentication:
  Forgot Password
  How to Spoof an Authentication Cookie
  How to Hijack a Session
  Basic Authentication

Cross Site Scripting (XSS):
  LAB: Cross Site Scripting
  How to Perform Stored Cross Site Scripting (XSS)
  How to Perform Reflected Cross Site Scripting (XSS)
  HTTPOnly Test
  How to Perform Cross Site Tracing (XST) Attacks

Buffer Overflows:
  Buffer Overflow

Injection Flaws:
  How to Perform Command Injection
  How to Perform Blind SQL Injection
  How to Perform Numeric SQL Injection
  How to Perform Log Spoofing
  How to Perform XPATH Injection
  How to Perform String SQL Injection
  LAB: SQL Injection
  How to Use Database Backdoors

Improper Error Handling:
  How to Bypass a Fail Open Authentication Scheme

Insecure Storage:
  Encoding Basics

Denial of Service:
  Denial of Service From Multiple Logins

Insecure Configuration Management:
  Forced Browsing

Web Services:
  How to Create a SOAP Request
  WSDL Scanning
  Web Service SAX Injection
  Web Service SQL Injection

AJAX Security:
  DOM Injection
  XML Injection
  JSON Injection
  Silent Transactions Attacks

Challenge:
  The Challenge


Each exercise includes hints and a how-to in case you have not mastered the concept.
It works on both Windows and Linux.
Download: http://sourceforge.net/project/showfiles.php?group_id=64424

Cheers