Penetration Testing mailing list archives
Re: WAF Testing..suggestions??
From: Yiannis Koukouras <ikoukouras () gmail com>
Date: Wed, 1 Sep 2010 18:45:44 +0300
Hi False, You can also try Http Parameter Pollution (HPP) attacks http://www.securitytube.net/HTTP-Parameter-Pollution-%28HPP%29-Attack-video.aspx Cheers, Ioannis (Yiannis) Koukouras CISSP, CISA, CISM MSc in Computer Systems Security BEng in Electronic Engineering http://www.linkedin.com/in/ikoukouras --- The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify the sender immediately by responding to this email and then delete it from your system. On Fri, Aug 27, 2010 at 10:59 PM, Dotzero <dotzero () gmail com> wrote:
Try waffit - http://code.google.com/p/waffit/source/checkout On Mon, Aug 23, 2010 at 11:16 AM, false <jctx09 () yahoo com> wrote:I need to test my WAF. I want to set up a simple network in the lab like this: XP or Linux client <--> WAF <--> Honeypot/test webserver 1) Does anyone have any suggestions on what I can use to simulate/generate attacks/suspicous traffic towards the weberver from my client? 2) Is there a honeypot image out there that I can download that would be good to be the role of my test webserver? Any suggestions or ideas are very much appreciated. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: WAF Testing..suggestions?? Yiannis Koukouras (Sep 01)
- <Possible follow-ups>
- Re: WAF Testing..suggestions?? bin4ry (Sep 01)
- RE: WAF Testing..suggestions?? K K Mookhey (Sep 07)
- Re: WAF Testing..suggestions?? Dotzero (Sep 08)
- RE: WAF Testing..suggestions?? K K Mookhey (Sep 07)