
Re: [WEB SECURITY] "hack-me" Ajax apps?

Subject: Re: [WEB SECURITY] "hack-me" Ajax apps?
Date: Wed, 16 Aug 2006 11:26:00 -0700
Jeff-

I have an AJAX-enabled version of BadStore.net that is basically ready for 
distribution (awaiting primarily documentation updates).  There is an AJAX 
search function that hits against a MySQL table and returns XML data through 
CGI::AJAX.

The current public version of BadStore.net is v1.2.3 and has basic WebAppSec 
demo capabilities.  The AJAX/Web Services is v2.1.x and I can email you a Beta 
for review and comment.  If you're interested in contributing your coding 
talents to this open-source project, that would also be encouraged and 
appreciated!

What AJAX hacking capabilities are you looking for???  It should be relatively 
easy to bake it in, as the infrastructure is already in place. 

-Kurt

PS - BadStore.net is a GNU-licensed open-source demo, training, and evaluation 
platform for WebAppSec.  It's a bootable distro that's distributed as an .iso 
image that runs a vulnerable server/app directly or under virtualization 
(VMWare, Que, etc.) requiring only 128MB memory.  BadStore.net is LAMP (Linux 
Apache MySQL and Perl) and requires no installation - just boot and point a 
browser at it.  When you hack it to death, just reboot and you're back where 
you started.
-----Original Message-----

From:  "Jeff Robertson" <jeff.robertson@digitalinsight.com>
Subj:  [WEB SECURITY] "hack-me" Ajax apps?
Date:  Wed Aug 16, 2006 5:13 am
Size:  480 bytes
To:  <webappsec@securityfocus.com>,<websecurity@webappsec.org>

Where could I find hackable, fake, Ajax application? Like webgoat, etc.,
but all Ajax?

If the answer is to "write one", I'm willing, but I'd rather not
reinvent any wheels.


----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



