Oh yeah, I should also mention that there's a list of test environments on the OWASP site as well: http://www.owasp.org/index.php/Phoenix/Tools
Some of those are "live" and you can point tools at them at your own risk. I prefer to keep testing traffic on the local LAN unless I've got a signed agreement (aka get out of jail card) but I'm not sure if any of those are also on VM images. -- Matt Tesauro OWASP Live CD Project Lead http://www.owasp.org/index.php/Category:OWASP_Live_CD_2008_Project http://mtesauro.com/livecd/ - Documentation Wiki mouse wrote: > What are folks using to benchmark or test updated versions of w3af? > Does anyone have a set of vmimages with vulnerable web apps or a list of > vulnerable apps that are used in this effort? Or do folks generally use > custom apps? > > Thanks, > Drew > > > > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------------ > Check out the new SourceForge.net Marketplace. > It is the best place to buy or sell services for > just about anything Open Source. > http://p.sf.net/sfu/Xq1LFB > > > ------------------------------------------------------------------------ > > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users ------------------------------------------------------------------------------ Check out the new SourceForge.net Marketplace. It is the best place to buy or sell services for just about anything Open Source. http://p.sf.net/sfu/Xq1LFB _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
