WebApp Sec mailing list archives

Re: Web Pen Test Honeypot

From: "Jeff Robertson" <jeff.robertson () gmail com>
Date: Fri, 11 Jul 2008 14:40:27 -0400

Surely you mean WebGoat?

On Fri, Jul 11, 2008 at 9:13 AM, Thanasis Kostopoulos
<a.kostopoulos () gmail com> wrote:

OWASPs WebScarab

On Tue, Jul 8, 2008 at 11:39 PM, John Evans <admin () kilnar com> wrote:

Greetings,

I am in the middle of evaluating the wide variety of web security
pen-test tools that exist. I'm currently pointing each piece of software
to a site that I have written. None of the tools are finding issues.

My task right now is to find the right tool for the job, and the job is
finding web-based security issues. Either the tools are not working, or
my site is secure. I'm not willing to put money on which of the two is
true. :)

What I need is a web application that has known security issues. I would
prefer one that was intentionally written to have scanners pointed to it
for testing the scanners.

Does such a thing exist? I hope so, because I hardly have time right now
to write even the simplest web application that has all of the various
holes that I need to test for.

If someone could point me to a "web honeypot" that I could install in my
own environment I would appreciate it.

Thanks.


--
John Evans
Administrator of kilnar.com

-------------------------------------------------------------------------
Sponsored by: Watchfire Methodologies & Tools for Web Application Security
Assessment With the rapid rise in the number and types of security threats,
web application security assessments should be considered a crucial phase in
the development of any web application. What methodology should be followed?
What tools can accelerate the assessment process? Download this Whitepaper
today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------


-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------


-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be 
considered a crucial phase in the development of any web application. What methodology should be followed? What tools 
can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

Current thread:

Web Pen Test Honeypot John Evans (Jul 11)
- Re: Web Pen Test Honeypot Thanasis Kostopoulos (Jul 11)
  - Re: Web Pen Test Honeypot Jeff Robertson (Jul 11)
    - Re: Web Pen Test Honeypot Thanasis Kostopoulos (Jul 15)
- Re: Web Pen Test Honeypot Jamie Riden (Jul 11)
- Re: Web Pen Test Honeypot Mathias Huber (Jul 11)
- RE: Web Pen Test Honeypot Paul Melson (Jul 11)
- Re: Web Pen Test Honeypot James Landis (Jul 11)
  - RE: Web Pen Test Honeypot Alex Eden (Jul 15)
- RE: Web Pen Test Honeypot Stevens, Scott (Jul 11)
  - RE: Web Pen Test Honeypot Thakrar, Saurabh (Jul 11)
- <Possible follow-ups>
- Re: RE: Web Pen Test Honeypot mike (Jul 17)