Web Applications Security
Hi, does anybody know of any other programs similar to Webgoat for the demonstration of web application security flaws?
There are plenty of them. Some hosted, some for local installation. Some targeted more to teaching about web security, others for testing. Fortunately some folks already made some lists:
http://slogic.net/training/vulnerable-web-applications-to-learn-web-application-testing-skills
http://securitythoughts.wordpress.com/2010/03/22/vulnerable-web-applications-for-learning
http://www.owasp.org/index.php/Phoenix/Tools#Testing_grounds
I personally would start with Google Gruyere (http://google-gruyere.appspot.com/).
There is a really good list in here: http://ha.ckers.org/blog/20090406/hacking-without-all-the-jailtime/
The big ones I would think of would be Fortify and HP WebInspect.
Fortify will scan the source code and find potential vulnerabilities. HP WebInspect will scan/brute force a website in production and find/report actual vulnerabilities.
Both require a fairly expensive license.
Also take a look at Codebashing. They are a SaaS-based e-learning platform that provides interactive application security wargames.
http://www.dvwa.co.uk/
http://www.itsecgames.com/
https://www.owasp.org/index.php/OWASP_Bricks#tab=Main
https://sourceforge.net/projects/mutillidae/
Also, I like DVWA and Mutillidae. That is really interesting.
Take a look at:
OWASP Testing Project
Acunetix Web Security Scanner
Acunetix WVS automatically checks your web applications for SQL Injection, XSS & other web vulnerabilities.