Xiaopei's DokuWiki

These are the good times in your life,
so put on a smile and it'll be alright

User Tools

Site Tools

Trace: owasp

Sidebar

友链

导航

it:secure:owasp

Table of Contents

OWASP

The Open Web Application Security Project

WebScarab

WebScarab is a web security application testing tool. It serves as a proxy intercepting web browser web requests and web server replies.

WebGoat

目标

我们希望通过 WebGoat 帮助测试人员掌握以下技能:

  • 理解web应用程序中的各种高级交互过程
  • 确定出有助于发动攻击的客户端可见数据
  • 识别和理解能将应用程序暴露在攻击之下的数据和用户交互
  • 对这些交互进行测试,并暴露出它们的漏洞
  • 攻击应用程序以演示和利用服务器的弱点

安装和运行

  1. 下载 WebGoat-OWASP_Standard-x.x.zip
  2. 解压
  3. 安装 jdk
  4. sudo sh webgoat.sh start8080
  5. 访问 http://127.0.0.1:8080/WebGoat/attack 或者 http://127.0.0.1:8080/webgoat/attack(看 .war 的名字)
  6. 用户名/密码: guest/guest
  7. sudo sh webgoat.sh stop

hack

webgoat_hack

refs

it/secure/owasp.txt · Last modified: 2013/08/19 07:22 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
CC Attribution-Noncommercial-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki