List,

    Today I'm releasing "moth", a new tool which I think you'll enjoy.
This release is for this mailing list only, the public release (full
disclosure, web app sec mailing list, etc.) is going to be in a couple
of days!

Moth is a VMware image with a set of vulnerable Web Applications, that
you may use for:
    - Testing Web Application Security Scanners
    - Testing Static Code Analysis tools (SCA)
    - Giving an introductory course to Web Application Security

The motivation for creating this image came after reading
"anantasec-report.pdf", which is included in this release
("anantasec/anantasec-report.pdf"). The main objective of this VMware
image is to be able to test the w3af - Web Application Attack and
Audit Framework and compare it with the commercial tools included in
the report.

Other tools like this are available (securibench to name one) but they
lack one very important feature: a list of vulnerabilities that are
included in the Web Applications! In our case, we use the results
gathered in the anantasec report as our list of Web Application
Vulnerabilities included in the release.

For most of the web applications there are three different ways to access them:
    - Directly
    - Through mod_security
    - Through PHP-IDS

Both mod_security and PHP-IDS have their default configurations and
they show a log of the offending request when one is found. This is
very useful for testing web application scanners, and teaching
students how web application firewalls work. The beauty is that a user
may access a vulnerable script directly, then access the same script
using mod_security and finally try to trigger the same vulnerability
through PHP-IDS.

The download link is here:
https://sourceforge.net/project/showfiles.php?group_id=170274&package_id=321355&release_id=680646

    Please send the feedback to this mailing list, enjoy!

Cheers,
-- 
Andrés Riancho
http://www.bonsai-sec.com/
http://w3af.sourceforge.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop