Andres, it's an interesting idea! It looks like DVL[0] but especially for web security?
[0] http://www.damnvulnerablelinux.org/

wget http://dfn.dl.sourceforge.net/sourceforge/w3af/moth-v0.6.7z
--2009-05-07 22:41:28-- http://dfn.dl.sourceforge.net/sourceforge/w3af/moth-v0.6.7z
...

=)

> List,
>
> Today I'm releasing "moth", a new tool which I think you'll enjoy.
> This release is for this mailing list only, the public release (full
> disclosure, web app sec mailing list, etc.) is going to be in a couple
> of days!
>
> Moth is a VMware image with a set of vulnerable Web Applications, that
> you may use for:
> - Testing Web Application Security Scanners
> - Testing Static Code Analysis tools (SCA)
> - Giving an introductory course to Web Application Security
>
> The motivation for creating this image came after reading
> "anantasec-report.pdf" which is included in this release
> ("anantasec/anantasec-report.pdf"). The main objective of this vmware
> image is to be able to test the w3af - Web Application Attack and
> Audit Framework and compare it with the commercial tools included in
> the report.
>
> Other tools like this are available (securibench to name one) but they
> lack one very important feature: a list of vulnerabilities that are
> included in the Web Applications! In our case, we use the results
> gathered in the anantasec report as our list of Web Application
> Vulnerabilities included in the release.
>
> For most of the web applications there are three different ways to access
> them:
> - Directly
> - Through mod_security
> - Through PHP-IDS
>
> Both mod_security and PHP-IDS have their default configurations and
> they show a log of the offending request when one is found. This is
> very useful for testing web application scanners, and teaching
> students how web application firewalls work. The beauty is that a user
> may access a vulnerable script directly, then access the same script
> using mod_security and finally try to trigger the same vulnerability
> through PHP-IDS.
>
> The download link is here:
> https://sourceforge.net/project/showfiles.php?group_id=170274&package_id=321355&release_id=680646
>
> Please send the feedback to this mailing list, enjoy!
>
> Cheers,
> --
> Andrés Riancho
> http://www.bonsai-sec.com/
> http://w3af.sourceforge.net/
>
> ------------------------------------------------------------------------------
> The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
> production scanning environment may not be a perfect world - but thanks to
> Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
> Series Scanner you'll get full speed at 300 dpi even with all image
> processing features enabled. http://p.sf.net/sfu/kodak-com
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop

--
Taras P. Ivashchenko <naplan...@gmail.com>