web application firewall
-
(see: imperva)
-
(see: radware)
-
(see: modsecurity)
-
translated into turkish as "web uygulama güvenlik duvarı" and now established in our literature; its job is to inspect web traffic and block requests that show anomalous behavior. (see: waf)
-
(see: netscaler appfirewall)
-
because it has "firewall" in its name, and because those developing sales strategies for next generation firewall products constantly disparaged these and said they were unnecessary, it has not found much of a place in our country. a fw is designed to work at layer 3. they cannot control layer 7 traffic. there are some who say they can, but those cannot do every job completely either. if we have applications such as e-commerce or b2b, it is a necessary product.
-
i have listed below sites where you can practice on vulnerabilities found in web applications. may the reader's knowledge grow.
badstore http://www.badstore.net/
bodgeit store http://code.google.com/p/bodgeit/
butterfly security project http://thebutterflytmp.sourceforge.net/
bwapp http://www.mmeit.be/bwapp/
http://sourceforge.net/…ojects/bwapp/files/bee-box/
commix https://github.com/stasinopoulos/commix-testbed
cryptomg https://github.com/spiderlabs/cryptomg
damn vulnerable node application (dvna) https://github.com/quantumfoam/dvna/
damn vulnerable web app (dvwa) http://www.dvwa.co.uk/
damn vulnerable web services (dvws) http://dvws.professionallyevil.com/
drunk admin web hacking challenge https://bechtsoudis.com/…min-web-hacking-challenge/
exploit kb vulnerable web app http://exploit.co.il/projects/vuln-web-app/
foundstone hacme bank http://www.mcafee.com/…s/free-tools/hacme-bank.aspx
foundstone hacme books http://www.mcafee.com/…s/free-tools/hacmebooks.aspx
foundstone hacme casino http://www.mcafee.com/…free-tools/hacme-casino.aspx
foundstone hacme shipping http://www.mcafee.com/…ree-tools/hacmeshipping.aspx
foundstone hacme travel http://www.mcafee.com/…/free-tools/hacmetravel.aspx
gameover http://sourceforge.net/projects/null-gameover/
hackxor http://hackxor.sourceforge.net/cgi-bin/index.pl
hackazon https://github.com/rapid7/hackazon
lampsecurity http://sourceforge.net/projects/lampsecurity/
moth http://www.bonsai-sec.com/en/research/moth.php
nowasp / mutillidae 2 http://sourceforge.net/projects/mutillidae/
owasp bwa http://code.google.com/p/owaspbwa/
owasp hackademic http://hackademic1.teilar.gr/
owasp sitegenerator https://www.owasp.org/…ndex.php/owasp_sitegenerator
owasp bricks http://sourceforge.net/projects/owaspbricks/
owasp security shepherd https://www.owasp.org/….php/owasp_security_shepherd
pentesterlab https://pentesterlab.com/
phdays ibank ctf http://blog.phdays.com/…n-about-remote-banking.html
securibench http://suif.stanford.edu/~livshits/securibench/
sentineltestbed https://github.com/dobin/sentineltestbed
sockettome http://digi.ninja/projects/sockettome.php
sqli-labs https://github.com/audi-1/sqli-labs
mcir (magical code injection rainbow) https://github.com/spiderlabs/mcir
sqlilabs https://github.com/himadriganguly/sqlilabs
vulnapp http://www.nth-dimension.org.uk/blog.php?id=88
puzzlemall http://code.google.com/p/puzzlemall/
wackopicko https://github.com/adamdoupe/wackopicko
waed http://www.waed.info/
webgoat.net https://github.com/jerryhoff/webgoat.net/
websecurity dojo http://www.mavensecurity.com/web_security_dojo/
xvwa https://github.com/s4n7h0/xvwa
zap wave http://code.google.com/…etail?name=zap-wave-0.1.zip