
OWASP WebScarab Project

Related:  Penetration Testing Tools and How2s

BugiX - Security Research

Nikto2

Nikto is sponsored by Netsparker, a dead accurate and easy to use web application security solution. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Nikto is not designed as a stealthy tool. Not every check is a security problem, though most are.

Wireshark · Go deep.

webgoat - Project Hosting on Google Code

After 1,000,000+ downloads and 10+ years, we have started an effort to significantly upgrade WebGoat. We are looking for help. If you have experience in any of these areas and time to contribute:

UI Design
Spring MVC
JavaEE
ESAPI and other security controls
Application attacks (lessons revamp)
Technical writing

Please contact Bruce Mayhew (webgoat AT owasp DOT org). The source code repository has moved to github, You can find us at There are many WebGoat repositories on GitHub. WebGoat is a deliberately insecure J2EE web application designed to teach web application security lessons.

Why the name 'WebGoat'?

Goals

Web application security is difficult to learn and practice. The primary goal of the WebGoat project is simple: create a de-facto interactive teaching environment for web application security.

Questions

If you have questions or suggestions regarding WebGoat, send email to Bruce Mayhew at "webgoat AT owasp DOT org"

Releases

WebGoat 5.4 Standard:

IronWASP - Iron Web application Advanced Security testing Platform

Jpcap Tutorial

This document describes how to develop applications using Jpcap. It explains the functions and classes defined in Jpcap, and also provides comprehensive descriptions of how to program using Jpcap by showing some example code. Jpcap is an open source library for capturing and sending network packets from Java applications. It provides facilities to: , and is implemented in C and Java. Jpcap has been tested on Microsoft Windows (98/2000/XP/Vista), Linux (Fedora, Ubuntu), Mac OS X (Darwin), FreeBSD, and Solaris. Jpcap can be used to develop many kinds of network applications, including (but not limited to): from the host protocols (e.g., TCP/IP).

A NetworkInterface object contains some information about the corresponding network interface, such as its name, description, IP and MAC addresses, and datalink name and description. The following sample code obtains the list of network interfaces and prints out their information.

//Obtain the list of network interfaces
//for each network interface

Armorize Blog

IBM - Software - IBM Security AppScan

Static and dynamic application security testing throughout the application lifecycle

IBM Security AppScan Trial: Try a full-featured version of the software

IBM® Security AppScan® enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance.

Product editions:

Arxan Application Protection for IBM Solutions: Expand mobile security with application hardening and cryptographic key protection.
IBM Application Security on Cloud: Help secure Web, mobile and desktop applications by detecting a wide range of pervasive and published security vulnerabilities.
IBM Security AppScan Enterprise: Mitigate application security risk, strengthen program management and achieve regulatory compliance.
IBM Security AppScan Source: Lower costs and reduce risk exposure by identifying vulnerabilities early in development cycle.

pcap

In the field of computer network administration, pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as WinPcap.

Features

libpcap and WinPcap provide the packet-capture and filtering engines of many open source and commercial network tools, including protocol analyzers (packet sniffers), network monitors, network intrusion detection systems, traffic-generators and network-testers. libpcap and WinPcap also support saving captured packets to a file, and reading files containing saved packets; applications can be written, using libpcap or WinPcap, to be able to capture network traffic and analyze it, or to read a saved capture and analyze it, using the same analysis code. The MIME type for the file format created and read by libpcap and WinPcap is application/vnd.tcpdump.pcap.

libpcap

WinPcap

WinPcap consists of:[7]