where can I perform security testing?

Recently, I'm studying application security. My issue is where I can perform security testing, for example SQL injection. I bought SecurityCompass CD. That’s good but SQL injection Lab is too simple, just try 1=1 and 1=0 then check the different response. I do need more hand-on experience.

Is there any website that allow to be tested for free or other suggestion?

Thanks very much in advance
howruaz9Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
rajivvishwaConnect With a Mentor Commented:
0
 
Fadi SODAH (aka madunix)Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP, SCSC and SCECommented:
i use opensource tools and my own scripts(perl/python), maybe you could use BackTrack, a nice distro with a lot of security tools....
http://www.remote-exploit.org/backtrack.html
0
 
Fadi SODAH (aka madunix)Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP, SCSC and SCECommented:
0
 
kpankuCommented:
madunix is true........
it works
0
 
Fadi SODAH (aka madunix)Connect With a Mentor Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP, SCSC and SCECommented:
beside the above my list
1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6.      MBSA (discutable) http://technet.microsoft.com/en-us/security/cc184923.aspx
7.      Backtrack http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf
8.      skipfish http://code.google.com/p/skipfish/
9.    appscan http://www-01.ibm.com/software/awdtools/appscan/

a summary list:    http://projects.webappsec.org/Web-Application-Security-Scanner-List

please note skipfish is good tool, the command line tool acts as Web crawler and prepares an interactive sitemap for the targeted site. The Web app is then subjected to a number of nondisruptive security probes, such as for cross-site scripting (XSS), cross-site request forgery (XSRF) and server-side SQL injection. The software can probe websites developed under multiple technologies and frameworks.  http://code.google.com/p/skipfish/  and http://code.google.com/p/skipfish/w/list
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.