Estudando sobre Vulnerabilidades em Aplicações Web.

Ao Tirar a certificação na Ferramenta AppScan, que realiza testes Automatizados de Segurança, tive a necessidade de aprender mais sobre as vulnerabilidades na camada de aplicação. Me encontro em momento com a ferramentas e questiono será que realmente é um problema ou um falso positivo, o único jeito de saber é no braço, tentando realizar o teste de forma manual, em muitos deles consigo realizar de forma manual e outros não, a forma melhor de estudar é estudando o código vulnerável, segue vários deles abaixo, o Damn Vulnerable Web Application e o WebGoat achei os melhores, mas tive dificuldades de rodar remotamente, pra isso baixem a iso dele http://sourceforge.net/projects/owaspbwa/, já vem com servidor configurado, basta startar, pegar o ip remoto e executar remotamente via browser. Espero que tenham um bom estudo!

• The BodgeIt Store (Java): http://code.google.com/p/bodgeit/ (download)
• The ButterFly Security Project (PHP): http://sourceforge.net/projects/thebutterflytmp/ (download)
• Damn Vulnerable Web Application – DVWA (PHP): http://www.dvwa.co.uk (download)
• OWASP Hackademic Challenges Project (PHP): https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project (download)
• Google Gruyere (Python): http://google-gruyere.appspot.com (download)
• Hacme Bank (.NET): http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx (download)
• Hacme Books (Java): http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx (download)
• Hacme Casino (Ruby on Rails): http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx (download)
• Hacme Shipping (ColdFusion): http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx (download)
• Hacme Travel (C++): http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx (download)
• OWASP Insecure Web App Project (Java): https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project (download – orphaned)
• Mutillidae (PHP): http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10 (download)
• OWASP .NET Goat (C#): https://owasp.codeplex.com (download)
• Peruggia (PHP): http://peruggia.sourceforge.net (download)
• Puzzlemall (Java): https://code.google.com/p/puzzlemall/ (download) (docs)
• Stanford Securibench (Java) & Micro: http://suif.stanford.edu/~livshits/securibench/ (download)
• OWASP Vicnum Project (Perl & PHP): https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project (download)
• VulnApp (.NET): http://www.nth-dimension.org.uk/blog.php?id=88 (CVS download & vulns)
• WackoPicko (PHP): https://github.com/adamdoupe/WackoPicko (download) (whitepaper)
• OWASP WebGoat (Java): https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project (download) (guide)
• OWASP ZAP WAVE – Web Application Vulnerability Examples (Java): http://code.google.com/p/zaproxy/downloads/list
• Wavsep – Web Application Vulnerability Scanner Evaluation Project (Java): https://code.google.com/p/wavsep/ (download) (docs)

Virtual Machines (VMs) or ISO images: The following list references preinstalled and ready to use virtual machines (VMs) or ISO images that contain one or multiple vulnerable web applications to play with.

• BadStore (ISO): http://www.badstore.net (download – registration required)
• OWASP BWA – Broken Web Applications Project (VMware – list): https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project (download)
• Exploit.co.il Vuln Web App (VMware): http://exploit.co.il/projects/vuln-web-app/ (download)
• Hackxor (VMware): http://hackxor.sourceforge.net/cgi-bin/index.pl (download) (hints&tips)
• LAMPSecurity (VMware): http://sourceforge.net/projects/lampsecurity/ (download) (doc)
• Metasploitable (VMware): http://blog.metasploit.com/2010/05/introducing-metasploitable.html (download – torrent) (doc)
• Moth (VMware): http://www.bonsai-sec.com/en/research/moth.php (download)
• Samurai WTF (ISO – list): http://www.samurai-wtf.org (download)
• Sauron (Quemu) [Spanish]: http://sg6-labs.blogspot.com/2007/12/secgame-1-sauron.html (solutions)
• UltimateLAMP (VMware – list): http://ronaldbradford.com/blog/ultimatelamp-2006-05-19/ (download)
• Web Security Dojo (VMware, VirtualBox – list): http://www.mavensecurity.com/web_security_dojo/ (download)

Online/Live: Segue alguma referencias Online.

• Acunetix:

• http://testasp.vulnweb.com (Forum – ASP)
• http://testaspnet.vulnweb.com (Blog – .NET)
• http://testphp.vulnweb.com (Art shopping – PHP)
• Cenzic CrackMeBank: http://crackme.cenzic.com
• HP/SpiDynamics Free Bank Online: http://zero.webappsecurity.com (admin/admin)
• IBM/Watchfire AltoroMutual: http://demo.testfire.net (jsmith/Demo1234)
• OWASP Hackademic Challenges Project – Live (PHP – Joomla): http://hackademic1.teilar.gr