Web Application Security
securing a deliberately vulnerable web app Jul 03 2011 10:51PM
Robin Wood (robin digininja org) (2 replies)
This is a question for anyone who runs a deliberately vulnerable web
app on a public facing site to allow people to test hacking it or to
test vulnerability scanners against it. I'm thinking of things like
http://test.acunetix.com/ .

What I'd like to know is how you go about securing the box the sites
are running on. Obviously you need the site running on its own server,
preferably airgapped from the rest of your network but how do you
protect yourself from attackers getting on the box then pivoting from
it to do a real attack to someone else? I'm guessing it is something
like a VM that is automatically rolled back periodically so even if
someone tries then they only have a limited attack window but are
there any other things people do?

I'm asking because I've got an idea for a new public service which
would involve putting up an app that is vulnerable but I'd like to
make sure that if I do I protect myself as much as possible.

Robin

Re: securing a deliberately vulnerable web app Jul 06 2011 01:35PM
Vedantam Sekhar (vedantamsekhar gmail com) (2 replies)
Re: securing a deliberately vulnerable web app Jul 08 2011 04:39PM
dreamwvr (dreamwvr dreamwvr com) (1 replies)
Re: securing a deliberately vulnerable web app Jul 11 2011 02:26PM
Robin Wood (robin digininja org)
Re: securing a deliberately vulnerable web app Jul 06 2011 02:45PM
Robin Wood (robin digininja org)
Re: securing a deliberately vulnerable web app Jul 05 2011 01:52AM
Jeremiah Cornelius (jeremiah nur net) (1 replies)
DOS Web App Jul 07 2011 12:08PM
elton Sheffield (qawsedr1234 hotmail co uk) (1 replies)
RE: DOS Web App Jul 08 2011 01:35AM
Rajesh Gopisetty (rgopise microsoft com)


 
