WebGoat, http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
DVWA, http://www.dvwa.co.uk/
Mutillidae, http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
A more comprehensive guide, including online applications, can be found
here, http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning/
If you know about SQL injections in any of those applications that
sqlmap does not recognize (try with latest version and with --level 5
--risk 3), please let me know.
Cheers,
Bernardo
On 3 December 2010 22:33, Steve Pinkham <ste...@gm...> wrote:
> On 12/03/2010 05:07 PM, Wil Ruiz wrote:
>> Anyone have good websites that they like to test on? I've done most of
>> my testing on Acunetix. I'd like to expand my test cases. I'm talking
>> legally of course; perhaps an environment like Damn Vulnerable Linux.
>> Thank you.
>
>
> Moth (http://sourceforge.net/projects/w3af/files/moth/moth/) and OWASP
> BWA (http://code.google.com/p/owaspbwa/) are good choices with some
> synthetic broken apps as well as old vulnerable versions of open source
> apps.
>
> The Phoenix OWASP chapter also has a list of online targets (and other
> information). Somewhat old, but covers most of what's out there.
>
> http://www.owasp.org/index.php/Phoenix/Tools
> --
> | Steven Pinkham, Security Consultant |
> | http://www.mavensecurity.com |
> | GPG public key ID CD31CAFB |
>
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F