List: websecurity
Subject: RE: [WEB SECURITY] "hack-me" Ajax apps?
From: "Jeff Robertson" <jeff.robertson () digitalinsight ! com>
Date: 2006-08-16 18:20:07
Message-ID: BA71243C5785D045B0C9C2CB926FDB10019C3104 () ATLEXM01 ! corp ! ad ! diginsite ! com
I was thinking mainly of authorization and authentication (or lack
thereof). Web services that let "anybody" call them and get data that
should require auth, etc.
> -----Original Message-----
> From: kurt@xxxxxxxxxxxxxxx [mailto:kurt@xxxxxxxxxxxxxxx]
> Sent: Wednesday, August 16, 2006 14:26
> To: Jeff Robertson; webappsec@xxxxxxxxxxxxxxxxx;
> websecurity@xxxxxxxxxxxxx
> Subject: Re: [WEB SECURITY] "hack-me" Ajax apps?
>
> Jeff-
>
> I have an AJAX-enabled version of BadStore.net that is
> basically ready for distribution (awaiting primarily
> documentation updates). There is an AJAX search function
> that hits against a MySQL table and returns XML data through
> CGI::AJAX.
>
> The current public version of BadStore.net is v1.2.3 and has
> basic WebAppSec demo capabilities. The AJAX/Web Services is
> v2.1.x and I can email you a Beta for review and comment. If
> you're interested in contributing your coding talents to this
> open-source project, that would also be encouraged and appreciated!
>
> What AJAX hacking capabilities are you looking for??? It
> should be relatively easy to bake it in, as the
> infrastructure is already in place.
>
> -Kurt
>
> PS - BadStore.net is a GNU-licensed open-source demo,
> training, and evaluation platform for WebAppSec. It's a
> bootable distro that's distributed as an .iso image that runs
> a vulnerable server/app directly or under virtualization
> (VMWare, Que, etc.) requiring only 128MB memory.
> BadStore.net is LAMP (Linux Apache MySQL and Perl) and
> requires no installation - just boot and point a browser at
> it. When you hack it to death, just reboot and you're back
> where you started.
> -----Original Message-----
>
> From: "Jeff Robertson" <jeff.robertson@xxxxxxxxxxxxxxxxxx>
> Subj: [WEB SECURITY] "hack-me" Ajax apps?
> Date: Wed Aug 16, 2006 5:13 am
> Size: 480 bytes
> To: <webappsec@xxxxxxxxxxxxxxxxx>,<websecurity@xxxxxxxxxxxxx>
>
> Where could I find a hackable, fake Ajax application? Like
> webgoat, etc., but all Ajax?
>
> If the answer is to "write one", I'm willing, but I'd rather
> not reinvent any wheels.
>
>
> --------------------------------------------------------------
> --------------
> The Web Security Mailing List:
> http://www.webappsec.org/lists/websecurity/
>
> The Web Security Mailing List Archives:
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]