WebGoat by OWASP is a good platform to learn and practice web application security. For me, I just used it in a meeting with our app development and operations teams to show how a web app could easily be compromised due to a lack of security consideration in the design and maintenance phases.
As far as I know, the feedback is good, and they started to show interest and ask questions on web/app security. Instead of boring slides with statistics such as threat trends, defaced pages and phishing site distribution, WebGoat is a good tool to show your expertise to convince technical guys.
Another tool to use alongside WebGoat is WebScarab, an HTTP proxy that intercepts client requests and server responses, allowing you to modify the data in transit, that is, to launch an attack.
Monday, March 16, 2009
good GNU Project!~~
Your website contains a lot of stuff related to security and I believe it is really helpful to many people out there. Thanks for sharing the info and the links with us.