Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 843
  • Last Modified:

where can I perform security testing?

Recently, I'm studying application security. My issue is where I can perform security testing, for example SQL injection. I bought SecurityCompass CD. That’s good but SQL injection Lab is too simple, just try 1=1 and 1=0 then check the different response. I do need more hand-on experience.

Is there any website that allow to be tested for free or other suggestion?

Thanks very much in advance
0
howruaz9
Asked:
howruaz9
  • 3
2 Solutions
 
madunixChief Information Security Officer Commented:
i use opensource tools and my own scripts(perl/python), maybe you could use BackTrack, a nice distro with a lot of security tools....
http://www.remote-exploit.org/backtrack.html
0
 
madunixChief Information Security Officer Commented:
0
 
kpankuCommented:
madunix is true........
it works
0
 
madunixChief Information Security Officer Commented:
beside the above my list
1.      Nessus (Linux if you can) http://www.nessus.org/nessus/
2.      Nikto (Linux) http://www.cirt.net/nikto2
3.      Paros proxy (Linux if you can) http://www.parosproxy.org/index.shtml
4.      Ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5.      SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6.      MBSA (discutable) http://technet.microsoft.com/en-us/security/cc184923.aspx
7.      Backtrack http://www.linux-magazine.com/w3/issue/77/BackTrack.pdf
8.      skipfish http://code.google.com/p/skipfish/
9.    appscan http://www-01.ibm.com/software/awdtools/appscan/

a summary list:    http://projects.webappsec.org/Web-Application-Security-Scanner-List

please note skipfish is good tool, the command line tool acts as Web crawler and prepares an interactive sitemap for the targeted site. The Web app is then subjected to a number of nondisruptive security probes, such as for cross-site scripting (XSS), cross-site request forgery (XSRF) and server-side SQL injection. The software can probe websites developed under multiple technologies and frameworks.  http://code.google.com/p/skipfish/  and http://code.google.com/p/skipfish/w/list
0
 
rajivvishwaCommented:
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now