web app sec testing sites

Saw this on the SecurityFocus pen-testers mailing list and thought I would capture them here for future reference. These are some sites/tools to help evaluate web app security scanner tools.

SPI Dynamics zero.webappsecurity.com
Cenzic crackme.cenzic.com
Foundstone SASS tools
OWASP WebGoat
OWASP SiteGenerator
Watchfire demo site
Acunetix php test site

Typically, lots of the online “hack me” or “hacker challenge” sites like some in my right menu list tend to touch on web-borne “hacks” for their challenges as opposed to anything else. May get some mileage from them as well. Most also can be Googled for solutions should you get stuck and want to just learn quickly.

5 thoughts on “web app sec testing sites

Comments are closed.