Solved

where can I perform security testing?

Posted on 2010-09-19
5
787 Views
Last Modified: 2013-11-16
Recently, I'm studying application security. My issue is where I can perform security testing, for example SQL injection. I bought SecurityCompass CD. That’s good but SQL injection Lab is too simple, just try 1=1 and 1=0 then check the different response. I do need more hand-on experience.

Is there any website that allow to be tested for free or other suggestion?

Thanks very much in advance
0
Comment
Question by:howruaz9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 25

Expert Comment

by:madunix
ID: 33713919
i use opensource tools and my own scripts(perl/python), maybe you could use BackTrack, a nice distro with a lot of security tools....
http://www.remote-exploit.org/backtrack.html
0
 
LVL 25

Expert Comment

by:madunix
ID: 33713942
0
 

Expert Comment

by:kpanku
ID: 33714040
madunix is true........
it works
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 250 total points
ID: 33714084
beside the above my list
1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6.      MBSA (discutable) http://technet.microsoft.com/en-us/security/cc184923.aspx
7.      Backtrack http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf
8.      skipfish http://code.google.com/p/skipfish/
9.    appscan http://www-01.ibm.com/software/awdtools/appscan/

a summary list:    http://projects.webappsec.org/Web-Application-Security-Scanner-List

please note skipfish is good tool, the command line tool acts as Web crawler and prepares an interactive sitemap for the targeted site. The Web app is then subjected to a number of nondisruptive security probes, such as for cross-site scripting (XSS), cross-site request forgery (XSRF) and server-side SQL injection. The software can probe websites developed under multiple technologies and frameworks.  http://code.google.com/p/skipfish/  and http://code.google.com/p/skipfish/w/list
0
 
LVL 4

Accepted Solution

by:
rajivvishwa earned 250 total points
ID: 33718067
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
The viewer will learn how to set up a document for the web and print and the recommended PPI for printing.
The viewer will learn how to create multiple layers to apply various filters and how to delete areas from each layer’s filter.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question