Dear John,
> What I need is a web application that has known security issues. I would
> prefer one that was intentionally written to have scanners pointed to it
> for testing the scanners.
though written for a slightly different purpose, OWASP's WebGoat might
be what you are looking for:
'WebGoat is a deliberately insecure J2EE web application maintained by
OWASP designed to teach web application security lessons.'
http://www.owasp.org/index.php/OWASP_WebGoat_Project
HTH,
Mathias
--
Mathias Huber, stellv. Chefredakteur Linux-Magazin Online
Linux New Media AG, Putzbrunner Str. 71, D-81739 Muenchen
Phone: +49 89 9934 1147 Fax: +49 89 9934 1198
mhuber@linuxnewmedia.de - http://www.linux-magazin.de
-----------------------------------------------------------
Sitz der Gesellschaft: Putzbrunner Str. 71, 81739 Muenchen
Amtsgericht Muenchen: HRB 129161
Vorstand: Rosemarie Schuster, Hermann Plank
Aufsichtsratsvorsitzender: Rudolf Strobl
-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------
Received on Jul 11 2008
Intro
