Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be lightweight, easy to use and full of vulnerabilities to exploit. It is used to learn or teach the art of web application security. Vulnerabilities: SQL Injection, XSS (Cross Site Scripting), LFI (Local File Inclusion), RFI (Remote […]
web-security
Slowloris – HTTP DoS Tool in PERL
This tool has been hitting the news, including some mentions in the SANS ISC Diary. It’s not actually a new attack (it’s been around since 2005) but this is the first time a packaged tool has been released for the attack. Slowloris holds connections open by sending partial HTTP requests. It continues to send […]
Fiddler – Web Debugging Proxy For HTTP(S)
Recently I posted about Charles Web Debugging Proxy and quite a few people mentioned they had been using Fiddler. Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler […]
Charles Web Debugging Proxy – HTTP Monitor & Reverse Proxy
Charles is an HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP traffic between their machine and the Internet. This includes requests, responses and the HTTP headers (which contain the cookies and caching information). Charles can act as a man-in-the-middle for HTTP/SSL communication, enabling you […]
OWASP (Open Web Application Security Project) Testing Guide v3 Released
This project’s goal is to create a “best practices” web application penetration testing framework which users can implement in their own organizations and a “low level” web application penetration testing guide that describes how to find certain issues. Version 3 of the Testing Guide was released last month, in December 2008, the project […]