banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register  
[Login] Loginhttp  | https  ]
 
Forum Index Thông tin về các địa chỉ và tài liệu hữu ích OWASP WebGoat Project  XML
  [Question]   OWASP WebGoat Project 17/04/2009 12:22:57 (+0700) | #1 | 177519
[Avatar]
1mp0ss1bl3
Member

[Minus]    0    [Plus]
Joined: 14/02/2008 21:32:58
Messages: 41
Location: ...
Offline
[Profile] [PM]
Introduction: WebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.

Goal: The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security...

The current lesson plans provided in WebGoatv5 include:

HTTP Basics
HTTP Splitting and Cache Poisining
How to Exploit Thread Safety Problems
How to Discover Clues in the HTML
How to Exploit Hidden Fields
How to Exploit Unchecked Email
How to Bypass Client Side JavaScript Validation
How to Force Browser Web Resources
How to Bypass a Role Based Access Control Scheme
How to Bypass a Path Based Access Control Scheme
LAB: Role based Access Control
Using an Access Control Matrix
How to Exploit the Forgot Password Page
How to Spoof an Authentication Cookie
How to Hijack a Session
Basic Authentication
LAB: Cross Site Scripting
How to Perform Stored Cross Site Scripting (XSS)
How to Perform Reflected Cross Site Scripting (XSS)
How to Perform Cross Site Trace Attacks (XSS)
Buffer Overflow (TBD)
HTTPOnly Test
How to Perform Command Injection
How to Perform Parameter Injection
How to Perform Blind SQL Injection
How to Perform Numeric SQL Injection
How to Perform String SQL Injection
How to Perform Log Spoofing
How to Perform XPATH Injection Attacks
LAB: SQL Injection
How to Bypass a Fail Open Authentication Scheme
How to Peform Basic Encoding
Denial of Service from Multiple Logins
How to Create a SOAP Request
How to Perform WSDL Scanning
How to Perform Web Service SAX Injection
How to Perform Web Service SQL Injection
How to Perform DOM Injection Attack
How to Perform XML Injection Attacks
How to Perform JSON Injection Attack
How to Perform Silent Transactions Attacks
How to Add a New Lesson
The Challenge

Source: hxxp://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
To achieve the impossible, one must thing the absurd - to look where everyone else has looked, but to see what no else has seen.
[Up] [Print Copy]
  [Question]   Re: OWASP WebGoat Project 18/04/2009 06:22:45 (+0700) | #2 | 177605
lamer
Elite Member

[Minus]    0    [Plus]
Joined: 26/02/2008 13:28:49
Messages: 215
Offline
[Profile] [PM]
Và http://www.owasp.org/index.php/Vietnam
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|