找到你要的答案

Q:webapp penetration testing on dummy application

Q:在虚拟应用程序渗透测试

does someone know where I can find webapplications, on which i can legaly try my pentesting skills like a dummy application or sth? I heard there were some on the OWASP page, but I cant find any. I'll write my thesis about pentesting web applications, and would like to do some tests.

Thanks, katy

有人知道我在哪里可以找到的Web应用,在那我可以尽我的能力就像一个渗透测试legaly虚拟应用程序或某事吗?我听见有人在OWASP页面,但我找不到任何。我会写我对渗透测试Web应用的论文,并想做一些测试。

Thanks, katy

answer1: 回答1:

There is website pprovided by OWASP themselves, which is intended exactly for that. It is called WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE (this page) or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

有网站pprovided由OWASP本身,其目的是准确的。它被称为代罪羔羊

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE (this page) or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

security  testing  web-applications  owasp