OWASP WebGoat + WebScarab

OWASP WebGoat + WebScarab

 

鬼仔注：看到 TR那里放了几个链接，这里来个详细的，我英文很烂，就不翻译了。

一、OWASP WebScarab Project
a tool for performing all types of security testing on web applications and web services

下载地址： OWASP Source Code Center at Sourceforge

安装方法：
Linux: java -jar ./webscarab-selfcontained-[numbers].jar
Windows: double-click the installer jar file

A Mac OS X package of the latest version can usually be found on Corsaire's download page.

You can also try the Java Web Start version, which was signed by Rogan Dawes.

演示&教程下载地址：
1. [url]http://sourceforge.net/project/showfiles.php?group_id=233075&package_id=286265[/url]
2. [url]http://yehg.net/lab/pr0js/training/webscarab.php[/url]

截图：

详情： [url]http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project[/url]

二、OWASP WebGoat Project
an online training environment for hands-on learning about application security
鬼仔注：也是WebScarab的那些演示中用的那套系统。

下载地址： Google code downloads

安装方法：
* Double-click on webgoat.bat - a Tomcat command window starts
* Browse to [url]http://localhost/WebGoat/attack[/url]

用户手册： WebGoat User and Install Guide

演示&教程下载地址： [url]http://yehg.net/lab/pr0js/training/webgoat.php[/url]

截图：

详情： [url]http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project[/url]