Solved

Where can I perform security testing?

Posted on 2010-09-19
Last Modified: 2013-11-16
Recently, I've been studying application security. My issue is where I can perform security testing, for example SQL injection. I bought the SecurityCompass CD. That's good, but the SQL injection lab is too simple: just try 1=1 and 1=0, then check the different response. I do need more hands-on experience.

Is there any website that allows itself to be tested for free, or any other suggestion?

Thanks very much in advance
Question by:howruaz9
5 Comments
 
LVL 25

Expert Comment

by:madunix
I use open-source tools and my own scripts (Perl/Python). Maybe you could use BackTrack, a nice distro with a lot of security tools.
http://www.remote-exploit.org/backtrack.html
 
LVL 25

Expert Comment

by:madunix
 

Expert Comment

by:kpanku
madunix is right. It works.
 
LVL 25

Assisted Solution

by:madunix
madunix earned 250 total points
Besides the above, my list:
1. Nessus (Linux if you can) http://www.nessus.org/nessus/
2. Nikto (Linux) http://www.cirt.net/nikto2
3. Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4. Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5. SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6. MBSA (debatable) http://technet.microsoft.com/en-us/security/cc184923.aspx
7. BackTrack http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf
8. skipfish http://code.google.com/p/skipfish/
9. AppScan http://www-01.ibm.com/software/awdtools/appscan/

A summary list: http://projects.webappsec.org/Web-Application-Security-Scanner-List

Please note that skipfish is a good tool. The command-line tool acts as a web crawler and prepares an interactive sitemap for the targeted site. The web app is then subjected to a number of nondisruptive security probes, such as for cross-site scripting (XSS), cross-site request forgery (XSRF) and server-side SQL injection. The software can probe websites developed under multiple technologies and frameworks. http://code.google.com/p/skipfish/ and http://code.google.com/p/skipfish/w/list
 
LVL 4

Accepted Solution

by:
rajivvishwa earned 250 total points