Well, a good start might be to run it against an on-purpose vulnerable
web site like the one by Acunetix (http://testphp.acunetix.com/). Just
choose the OWASP Top 10 profile, type the website in the address bar
and press Start. There are also web applications that are made for
people to practice finding flaws, like mutillidae or
lampsecurity.lampsec-sqlinject
(http://lampsecurity.org/capture-the-flag-6). You need to install
those applications though, so you must know how to run an
Apache/MySQL/PHP server. A trick that might help you install them
faster is to use a package like Wampserver for Windows.

On a side note, if you don't know much about web application
vulnerabilities, it would be a good thing to read a bit about them. A
good place to start is with the OWASP Top 10: it's the list of the 10
most common web flaws. You can find it here:
http://www.owasp.org/index.php/Top_10_2007. If you have some money
aside, consider buying the book "The Web Application Hacker's
Handbook"; it's really good for beginning and also as a reference.

Hope that helps,

Sébastien

On Mon, Sep 14, 2009 at 5:18 PM, steve jacobs <[email protected]> wrote:
> Thanks for the guide, got the tool up and running, great.
>
> Now... Where would be a good place to start to look for basic security flaws
> in our web pages, are there any "beginners" features on the tool I can run
> just to get a feel for the framework?
>
> Regards,
> Steve J.
>
>> Date: Mon, 14 Sep 2009 16:38:15 -0400
>> Subject: Re: [W3af-users] Getting Started
>> From: [email protected]
>> To: [email protected]
>> CC: [email protected]
>>
>> It's actually pretty simple. You need to install Python 2.5 for
>> Windows from here:
>>
>> http://www.python.org/ftp/python/2.5.4/python-2.5.4.msi
>>
>> Then get w3af for Windows from here:
>>
>> http://sourceforge.net/projects/w3af/files/w3af/w3af%201.0-rc2%20%5Bshorty%5D/w3af_1.0-rc2_setup.exe/download
>>
>> You will have an icon on your desktop. It's that simple! I don't know
>> if you need to be admin though.
>>
>>
>> On Mon, Sep 14, 2009 at 4:16 PM, steve jacobs <[email protected]> wrote:
>> > W3af folk,
>> >
>> > For someone very new to this type of tool, wanting to research it further,
>> > how can I fire up the GUI in Windows XP? Please keep the instructions as
>> > simple as poss. I trust I need to enter some command line instruction or
>> > similar? Do I require local admin rights on my machine to use the tool to
>> > its full functionality?
>> >
>> > Best Regards,
>> >
>> > Steve J.
>> >
>> > _______________________________________________
>> > W3af-users mailing list
>> > [email protected]
>> > https://lists.sourceforge.net/lists/listinfo/w3af-users
>> >
>> >
>