domingo, 7 de junio de 2009

WarGame en local: WebGoat

WebGoat es un rpoyecto de OWASP con el que pretenden enseñar los conceptos de seguridad y hacking en sistemas web.


Pruebas:

General HTTP Basics

HTTP Splitting and Cache Poisining

How to Exploit Thread Safety Problems

How to add a new WebGoat lesson
Code Quality How to Discover Clues in the HTML
Unvalidated Parameters How to Exploit Hidden Fields

How to Exploit Unchecked Email

How to Bypass Client Side JavaScript Validation
Broken Access Control Using an Access Control Matrix

How to Bypass a Path Based Access Control Scheme

How to Perform Cross Site Request Forgery (CSRF)

LAB: Role based Access Control

Remote Admin Access
Broken Authentication Forgot Password

How to Spoof an Authentication Cookie

How to Hijack a Session

Basic Authentication
Cross Site Scripting (Xss) LAB: Cross Site Scripting

How to Perform Stored Cross Site Scripting (XSS)

How to Perform Reflected Cross Site Scripting (XSS)

HTTPOnly Test

How to Perform Cross Site Tracing (XST) Attacks
Buffer Overflows Buffer Overflow
Injection Flaws How to Perform Command Injection

How to Perform Blind SQL Injection

How to Perform Numeric SQL Injection

How to Perform Log Spoofing

How to Perform XPATH Injection

How to Perform String SQL Injection

LAB: SQL Injection

How to Use Database Backdoors
Improper Error Handling How to Bypass a Fail Open Authentication Scheme
Insecure Storage Encoding Basics
Denial of Service Denial of Service From Multiple Logins
Insecure Configuration Management Forced Browsing
Web Services How to Create a SOAP Request

WSDL Scanning

Web Service SAX Injection

Web Service SQL Injection
AJAX Security DOM Injection

XML Injection

JSON Injection

Silent Transactions Attacks
Challenge The Challenge


Cada prueba incluye pistas y un howto por si no se domina el concepto.
Funciona tanto en Windows como en Linux.
Descarga: http://sourceforge.net/project/showfiles.php?group_id=64424

Salu2

No hay comentarios:

Publicar un comentario en la entrada