Penetration Testing mailing list archives
Re: WAF Testing..suggestions??
From: Tasos Laskos <tasos.laskos () gmail com>
Date: Fri, 27 Aug 2010 17:45:58 +0300
Hi, On 23/08/10 18:16, false wrote:
I need to test my WAF. I want to set up a simple network in the lab like this: XP or Linux client<--> WAF<--> Honeypot/test webserver 1) Does anyone have any suggestions on what I can use to simulate/generate attacks/suspicous traffic towards the weberver from my client?
How about a web app security scanner? Skipfish, WebSecurify, W3af?
You don't need to do that, just setup Linux in a VM and use tcpdump to dump the traffic into a file for later analysis. If you want to analyze the traffic that is...otherwise a simple Linux VM will suffice.2) Is there a honeypot image out there that I can download that would be good to be the role of my test webserver?
Cheers, Tasos.
Any suggestions or ideas are very much appreciated. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- WAF Testing..suggestions?? false (Aug 27)
- Re: WAF Testing..suggestions?? Tasos Laskos (Aug 27)
- RE: WAF Testing..suggestions?? DucNguyen (Aug 27)
- RE: WAF Testing..suggestions?? Roland Lindsey (Aug 27)
- Re: WAF Testing..suggestions?? Dotzero (Aug 27)
- Re: WAF Testing..suggestions?? Tasos Laskos (Aug 27)