Penetration Testing mailing list archives
RE: WAF Testing..suggestions??
From: Roland Lindsey <R.Lindsey () F5 com>
Date: Fri, 27 Aug 2010 16:45:04 +0000
The Testing Guide at OWASP will give you examples of most every major attack vector, as well as some instructions on how to test it. You can check it out here:

http://www.owasp.org/index.php/OWASP_Testing_Guide_v3_Table_of_Contents

Additionally, you could also put a WAF in front of Google Gruyere (http://google-gruyere.appspot.com/). Gruyere is an intentionally hackable web application and there are instructions provided on exactly how to hack it along every vector.

Hope this helps!

Roland Lindsey │ Product Management Engineer
www.f5.com
IT Agility. Your Way.

________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] on behalf of false [jctx09 () yahoo com]
Sent: Monday, August 23, 2010 8:16 AM
To: pen-test () securityfocus com
Subject: WAF Testing..suggestions??

I need to test my WAF. I want to set up a simple network in the lab like this:

XP or Linux client <--> WAF <--> Honeypot/test webserver

1) Does anyone have any suggestions on what I can use to simulate/generate attacks/suspicious traffic towards the webserver from my client?

2) Is there a honeypot image out there that I can download that would be good in the role of my test webserver?

Any suggestions or ideas are very much appreciated.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------