Tag Archive | "owasp"


07 October 2013 | 3,352 views

Mutillidae – Vulnerable Web-Application To Learn Web Hacking

OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiest to learn web hacking. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP for users who do not want to administrate a webserver. It is pre-installed on SamuraiWTF, Rapid7 Metasploitable-2, and OWASP BWA. The [...]

Continue Reading


12 June 2013 | 2,905 views

OWASP Bricks – Modular Deliberately Vulnerable Web Application

Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to ‘break the bricks’. Road Map Demonstrate maximum variations of most common vulnerabilities Help people to learn the need of secure [...]

Continue Reading


06 December 2012 | 2,269 views

TLSSLed v1.2 – Evaluate The Security Of A Target SSL Or TLS (HTTPS) Web Server Implementation

When running web application security assessments it is mandatory to evaluate the security stance of the SSL/TLS (HTTPS) implementation and configuration. OWASP has a couple of references the author strongly recommends taking a look at, the “OWASP-CM-001: Testing for SSL-TLS” checks, part of the OWASP Testing Guide v3, and the Transport Layer Protection Cheat Sheet. [...]

Continue Reading


01 November 2011 | 12,952 views

DirBuster – Brute Force Directories & Files Names

DirBuster is another great tool from the OWASP chaps, it’s basically a multi threaded java application designed to brute force directories and files names on web/application servers. Often is the case now of what looks like a web server in a state of default installation is actually not, and has pages and applications hidden within. [...]

Continue Reading


20 June 2011 | 10,962 views

Zed Attack Proxy – ZAProxy v1.3.0 Released – Integrated Penetration Testing Tool

It’s been a while since the last time we wrote about the OWASP ZAP – Zed Attack Proxy for Web Application Penetration Testing, back in October 2010. ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range [...]

Continue Reading


26 April 2011 | 10,869 views

OWASP Hatkit Proxy Project – HTTP/TCP Intercepting Proxy Tool

The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic into an offline storage where further analysis can be performed, i.e. all kinds of analysis which is currently implemented by the proxies themselves (WebScarab/Burp/Paros etc). Also, since the http traffic is stored in a MongoDB, the traffic is [...]

Continue Reading


07 October 2010 | 15,631 views

OWASP ZAP – Zed Attack Proxy – Web Application Penetration Testing

The Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and functional testers who a new to penetration testing. ZAP provides automated scanners [...]

Continue Reading


16 March 2010 | 7,041 views

OWASP CodeCrawler – Static Code Review Tool

CodeCrawler is a tool aimed at assisting code review practitioners. It is a static code review tool which searches for key topics within .NET and J2EE/JAVA code. It’s a Microsoft .NET 3.5 Windows Form application which supports the OWASP Code Review Project. It provides automatic STRIDE classification a very simple DREAD calculator and few minor [...]

Continue Reading


12 January 2009 | 7,326 views

OWASP (Open Web Application Security Project) Testing Guide v3 Released

This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations and a “low level” web application penetration testing guide that describes how to find certain issues. Version 3 of the Testing Guide was released in last month in December 2008, the project was [...]

Continue Reading


08 July 2008 | 5,451 views

Pantera – Web Application Analysis Engine

Pantera is actually using an improved version of SPIKE Proxy and is a project under the umbrella of OWASP. It’s aiming to be a more automated method for testing Web Application Security. Features User-friendly custom web GUI. (CSS): Pantera itself is a web application that runs inside the browser and can be customized using CSS [...]

Continue Reading


Popular Tags

computer-security · darknet · exploits · google · hacking · hacking-networks · hacking-websites · hacking-windows · hacking tool · Hacking Tools · Information-Security · information gathering · malware · microsoft · network-security · Network Hacking · Password Cracking · penetration-testing · Phishing · Privacy · Python · scammers · Security · Security Software · spam · spammers · sql-injection · trojan · trojans · virus · viruses · vulnerabilities · web-application-security · web-security · Web Hacking · windows · windows-security · Windows Hacking · worms · XSS ·