Re: [sqlmap-users] Good websites to test
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Good websites to test
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-12-05 10:38:16
|
WebGoat, http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project DVWA, http://www.dvwa.co.uk/ Mutillidae, http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 A more comprehensive guide, including online applications can be found here, http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/ If you know about SQL injections in any of those applications that sqlmap does not recognize (try with latest version and with --level 5 --risk 3), please let me know. Cheers, Bernardo On 3 December 2010 22:33, Steve Pinkham <ste...@gm...> wrote: > On 12/03/2010 05:07 PM, Wil Ruiz wrote: >> Anyone have good websites that they like to test on? I've done most of > my testing on Acunetix. I'd like to expand my test cases. I'm talking > legally of course; perhaps an environment like Damn Vulnerable Linux. > Thank you. > > > Moth (http://sourceforge.net/projects/w3af/files/moth/moth/) and OWASP > BWA (http://code.google.com/p/owaspbwa/) are good choices with some > synthetic broken apps as well as old vulnerable versions of open source > apps. > > The Phoenix OWASP chapter also has a list of online targets (and other > information). Somewhat old, but covers most of what's out there. > > http://www.owasp.org/index.php/Phoenix/Tools > -- > | Steven Pinkham, Security Consultant | > | http://www.mavensecurity.com | > | GPG public key ID CD31CAFB | > > > ------------------------------------------------------------------------------ > Oracle to DB2 Conversion Guide: New IBM DB2 features make compatibility easy. > Learn about native support for PL/SQL, new data types, scalar functions, > improved concurrency, built-in packages, OCI, SQL*Plus, data movement tools, > best practices and more - all designed to run applications on both DB2 and > Oracle platforms. http://p.sf.net/sfu/oracle-sfdev2dev > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
