[OWASP-Raleigh, NC] June Meeting Recap

Michael Menefee mmenefee at gmail.com
Thu Jun 11 08:26:25 EDT 2009


Thanks to everyone who showed up and participated in last night's 
meeting. As promised, here is a list of the tools and resources we 
either demonstrated or discussed:

_*Proxy Servers:*_
*WebScarab*: 
http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project#Download
*Burp:* http://www.portswigger.net/suite/download.html
*Paros:* http://www.parosproxy.org/download.shtml

_*Firefox Plugins:*_
*Tamper Data:* https://addons.mozilla.org/en-US/firefox/addon/966
*NoScript:* http://noscript.net/getit
*ShowIP:* https://addons.mozilla.org/en-US/firefox/addon/590
*SwitchProxy:* https://addons.mozilla.org/en-US/firefox/addon/125
*SQL Inject Me*: https://addons.mozilla.org/en-US/firefox/addon/7597
*XSS Me:* https://addons.mozilla.org/en-US/firefox/addon/7598
*ViewStatePeeker*: https://addons.mozilla.org/en-US/firefox/addon/7167

Many of these are included in a single plugin distribution here: 
https://addons.mozilla.org/en-US/firefox/collection/webappsec

_*Some SQL Injection Tools we Discussed:*_

SQLMap: http://sqlmap.sourceforge.net/
SQLNinja: http://sqlninja.sourceforge.net/
Pangolin: http://www.nosec.org/en/pangolin.html

_*Test Applications that won't land you in Prison:*_
WebGoat: 
http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=61824&release_id=613045 
Hacme Series: http://www.foundstone.com/us/resources-free-tools.asp 
(look under SASS Tools)

    * http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
    * http://testasp.acunetix.com/Default.asp
    * http://test.acunetix.com/
    * http://hackme.ntobjectives.com/
    * http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
    * http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
    * http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
    * http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
    * http://zero.webappsecurity.com/
    * http://www.hackertest.net/
    * http://www.hackthissite.org/
    * http://www.mavensecurity.com/WebMaven.php
    * http://ha.ckers.org/challenge/
    * http://ha.ckers.org/challenge2/
    * http://demo.testfire.net/
    * http://scanme.nmap.org/
    * http://www.hellboundhackers.org/
    * http://www.overthewire.org/wargames/
    * http://roothack.org/
    * http://heorot.net/
    * http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

    * http://wocares.com/xsstester.php
    * https://how2hack.net
    * http://hax.tor.hu/


Enjoy!

Mike
-- 
Michael S. Menefee, CISSP (#43728)
Principal Consultant, WireHead Security
North Carolina OWASP Chapter Leader
Phone: (919) 863-4373
Cell: (919) 271-8883
Fax: (919) 882-8044
Email: mmenefee at wireheadsecurity.com
Website: http://www.wireheadsecurity.com/
