Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [WEB SECURITY] "hack-me" Ajax apps?

from [Jeff Robertson] Network Security [Permanent Link]
Subject: RE: [WEB SECURITY] "hack-me" Ajax apps?
Date: Wed, 16 Aug 2006 14:28:11 -0400 
I was thinking mainly of authorization and authentication (or lack
thereof). Web services that let "anybody" call them and get data that
should require auth, etc.


-----Original Message-----
From: kurt@shopdecorum.com [mailto:kurt@shopdecorum.com] 
Sent: Wednesday, August 16, 2006 14:26
To: Jeff Robertson; webappsec@securityfocus.com; 
websecurity@webappsec.org
Subject: Re: [WEB SECURITY] "hack-me" Ajax apps?

Jeff-

I have an AJAX-enabled version of BadStore.net that is 
basically ready for distribution (awaiting primarily 
documentation updates).  There is an AJAX search function 
that hits against a MySQL table and returns XML data through 
CGI::AJAX.

The current public version of BadStore.net is v1.2.3 and has 
basic WebAppSec demo capabilities.  The AJAX/Web Services is 
v2.1.x and I can email you a Beta for review and comment.  If 
you're interested in contributing your coding talents to this 
open-source project, that would also be encouraged and appreciated!

What AJAX hacking capabilities are you looking for???  It 
should be relatively easy to bake it in, as the 
infrastructure is already in place. 

-Kurt

PS - BadStore.net is a GNU-licensed open-source demo, 
training, and evaluation platform for WebAppSec.  It's a 
bootable distro that's distibuted as an .iso image that runs 
a vulnerable server/app directly or under virtualization 
(VMWare, Que, etc.) requiring only 128MB memory.  
BadStore.net is LAMP (Linux Apache MySQL and Perl) and 
requires no installation - just boot and point a browser at 
it.  When you hack it to death, just reboot and you're back 
where you started.
-----Original Message-----

From:  "Jeff Robertson" <jeff.robertson@digitalinsight.com>
Subj:  [WEB SECURITY] "hack-me" Ajax apps?
Date:  Wed Aug 16, 2006 5:13 am
Size:  480 bytes
To:  <webappsec@securityfocus.com>,<websecurity@webappsec.org>

Where could I find hackable, fake, Ajax application? Like 
webgoat, etc., but all Ajax?

If the answer is to "write one", I'm willing, but I'd rather 
not reinvent any wheels.


--------------------------------------------------------------
--------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]






-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web 
application security assessment tools by both Gartner and IDC. 
Download a free trial of AppScan today and see why more customers choose 
AppScan then any other solution. Try it today!
  
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Invitation, Slovenia and Italy; Journal Special Issues; c/bb, IPSI conference
Next by Date:  Mitm new?, Jeff Robertson
Previous by Thread:  Invitation, Slovenia and Italy; Journal Special Issues; c/bb, IPSI conference
Next by Thread:  Re: [WEB SECURITY] "hack-me" Ajax apps?, kurt
Indexes:  [Date] [Thread] [Top] [All Lists]