Taras,

On Thu, May 7, 2009 at 3:43 PM, Taras P. Ivashchenko <naplan...@gmail.com> wrote:
>
> Andres,
> it's an interesting idea!
>
> It looks like DVL[0] but especially for web security?

Yep, it's basically the same idea.

> [0] http://www.damnvulnerablelinux.org/
>
> wget http://dfn.dl.sourceforge.net/sourceforge/w3af/moth-v0.6.7z
> --2009-05-07 22:41:28--
> http://dfn.dl.sourceforge.net/sourceforge/w3af/moth-v0.6.7z
> ... =)
>
>
>> List,
>>
>> Today I'm releasing "moth", a new tool which I think you'll enjoy.
>> This release is for this mailing list only, the public release (full
>> disclosure, web app sec mailing list, etc.) is going to be in a couple
>> of days!
>>
>> Moth is a VMware image with a set of vulnerable Web Applications, that
>> you may use for:
>> - Testing Web Application Security Scanners
>> - Testing Static Code Analysis tools (SCA)
>> - Giving an introductory course to Web Application Security
>>
>> The motivation for creating this image came after reading
>> "anantasec-report.pdf" which is included in this release
>> ("anantasec/anantasec-report.pdf"). The main objective of this vmware
>> image is to be able to test the w3af - Web Application Attack and
>> Audit Framework and compare it with the commercial tools included in
>> the report.
>>
>> Other tools like this are available (securibench to name one) but they
>> lack one very important feature: a list of vulnerabilities that are
>> included in the Web Applications! In our case, we use the results
>> gathered in the anantasec report as our list of Web Application
>> Vulnerabilities included in the release.
>>
>> For most of the web applications there are three different ways to access
>> them:
>> - Directly
>> - Through mod_security
>> - Through PHP-IDS
>>
>> Both mod_security and PHP-IDS have their default configurations and
>> they show a log of the offending request when one is found. This is
>> very useful for testing web application scanners, and teaching
>> students how web application firewalls work.
>> The beauty is that a user may access a vulnerable script directly,
>> then access the same script using mod_security and finally try to
>> trigger the same vulnerability through PHP-IDS.
>>
>> The download link is here:
>> https://sourceforge.net/project/showfiles.php?group_id=170274&package_id=321355&release_id=680646
>>
>> Please send the feedback to this mailing list, enjoy!
>>
>> Cheers,
>> --
>> Andrés Riancho
>> http://www.bonsai-sec.com/
>> http://w3af.sourceforge.net/
>>
>> _______________________________________________
>> W3af-develop mailing list
>> W3af-develop@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/w3af-develop
>
>
> --
> Taras P. Ivashchenko <naplan...@gmail.com>
>

--
Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/