Solved

Where can I perform security testing?

Posted on 2010-09-19
Last Modified: 2013-11-16
Recently, I've been studying application security. My issue is where I can perform security testing, for example SQL injection. I bought the SecurityCompass CD. That's good, but the SQL injection lab is too simple: just try 1=1 and 1=0, then check the different responses. I do need more hands-on experience.

Is there any website that allows itself to be tested for free, or any other suggestion?

Thanks very much in advance
Question by:howruaz9
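
The 1=1 / 1=0 response comparison mentioned in the question can be practised entirely offline against a database you own. The following is an added example, not part of the original thread: a throwaway in-memory SQLite table (constructed data, hypothetical function names) with a deliberately vulnerable lookup beside its parameterized fix, and the same check run against both.

```python
import sqlite3


def make_lab():
    """Build a throwaway in-memory database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "kettle"), (2, "toaster")])
    return db


def lookup_vulnerable(db, product_id):
    # Deliberately vulnerable: the input string is pasted into the SQL text,
    # so anything after the id is parsed as part of the WHERE clause.
    sql = "SELECT name FROM products WHERE id = " + product_id
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, product_id):
    # Hardened: the value is bound as a parameter and is never parsed as SQL.
    sql = "SELECT name FROM products WHERE id = ?"
    return [row[0] for row in db.execute(sql, (product_id,))]


def boolean_check(lookup, db, base="1"):
    """Return True when the 'AND 1=1' and 'AND 1=0' responses differ,
    which means the input is being evaluated as SQL."""
    true_resp = lookup(db, base + " AND 1=1")
    false_resp = lookup(db, base + " AND 1=0")
    return true_resp != false_resp


if __name__ == "__main__":
    db = make_lab()
    for fn in (lookup_vulnerable, lookup_safe):
        verdict = "injectable" if boolean_check(fn, db) else "not injectable"
        print(f"{fn.__name__}: {verdict}")
```

The same `boolean_check` can be kept as a regression test for your own data-access functions once the fix is in place.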
5 Comments
 
LVL 25

Expert Comment

by:madunix
ID: 33713919
I use open-source tools and my own scripts (Perl/Python); maybe you could use BackTrack, a nice distro with a lot of security tools.
http://www.remote-exploit.org/backtrack.html
0
 
LVL 25

Expert Comment

by:madunix
ID: 33713942
0
 

Expert Comment

by:kpanku
ID: 33714040
madunix is true...
it works
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 1000 total points
ID: 33714084
Besides the above, my list:
1. Nessus (Linux if you can) http://www.nessus.org/nessus/
2. Nikto (Linux) http://www.cirt.net/nikto2
3. Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4. Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5. SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6. MBSA (debatable) http://technet.microsoft.com/en-us/security/cc184923.aspx
7. Backtrack http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf
8. skipfish http://code.google.com/p/skipfish/
9. appscan http://www-01.ibm.com/software/awdtools/appscan/

A summary list: http://projects.webappsec.org/Web-Application-Security-Scanner-List

Please note skipfish is a good tool. The command-line tool acts as a Web crawler and prepares an interactive sitemap for the targeted site. The Web app is then subjected to a number of nondisruptive security probes, such as for cross-site scripting (XSS), cross-site request forgery (XSRF) and server-side SQL injection. The software can probe websites developed under multiple technologies and frameworks. http://code.google.com/p/skipfish/ and http://code.google.com/p/skipfish/w/list
0
 
LVL 4

Accepted Solution

by:
rajivvishwa earned 1000 total points
ID: 33718067
0
