Pete Finnigan's SQL Server Security Blog

Cookie Policy:We only use essential cookies on small sections of this website. For details see here.


SQL Server Security
Blog Archives
Oracle Security
Oracle Security Blog

Greymatter Forums

October 2005
SMTWTFS
      1
2345678
9101112131415
16171819202122
23242526272829
3031     

RSS 1.0 FEED
RSS 2.0 FEED
Atom 0.3 FEED
Powered by gm-rss 2.0.0


Valid XHTML 1.0!

Powered By Greymatter

Home » Archives » October 2005 » WebGoat an excellent application for testing web security

[Previous entry: "David Litchfield has a good paper on SQL Injection methods"] [Next entry: "Chip Andrews SQL lock down script"]

10/10/2005: "WebGoat an excellent application for testing web security"


Few people have open access to full blown web based business applications that they can use to practice all manner of web based attacks. The Open Web Application Security Project has created a full J2EE web application called WebGoat that is aimed at allowing people to practice various attack vectors whilst giving on line lessons on how to perform the attacks. The tool includes examples for Cross Site Scripting, SQL Injection, blind SQL, weak session identifiers and many more. This is a great tool for those wishing to learn about web application security.