Legal hacking is possible: you can set up a vulnerable platform and test any new vulnerability on it without breaking any laws. Anyone who wants to test their skills and try new web exploits without thinking about proxies or hiding their activities can consider BodgeIt. BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
Some of its features and characteristics:
- Easy to install – just requires Java and a servlet engine, e.g. Tomcat
- Self contained (no additional dependencies other than the 2 in the line above)
- Easy to change on the fly – all the functionality is implemented in JSPs, so no IDE required
- Cross platform
- Open source
- No separate db to install and configure – it uses an ‘in memory’ db that is automatically (re)initialized on start up
You can install it locally: download and open the zip file, then extract the war file into the webapps directory of your favorite servlet engine. Next, point your browser at (for example) http://localhost:8080/bodgeit .
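The install steps above can be scripted. The following is an added example, not code from the BodgeIt project: it copies the war out of the downloaded zip into a webapps directory you pass in, then polls the local URL until the application answers. The function names, the default host and port, and the assumption that the zip holds exactly one war file are choices made for this example.

```python
import shutil
import sys
import time
import urllib.error
import urllib.request
import zipfile
from pathlib import Path


def deploy_war(zip_path, webapps_dir):
    """Copy the single .war found in the downloaded zip into webapps_dir."""
    webapps = Path(webapps_dir)
    if not webapps.is_dir():
        raise FileNotFoundError(f"webapps directory not found: {webapps}")
    with zipfile.ZipFile(zip_path) as zf:
        wars = [m for m in zf.infolist()
                if not m.is_dir() and m.filename.lower().endswith(".war")]
        if len(wars) != 1:  # assumption of this example: one war per download
            raise ValueError(f"expected exactly one .war, found {len(wars)}")
        # Keep only the base name, so a member path such as "../../x.war"
        # cannot place the file outside the webapps directory.
        target = webapps / Path(wars[0].filename.replace("\\", "/")).name
        with zf.open(wars[0]) as src, open(target, "wb") as dst:
            shutil.copyfileobj(src, dst)
    return target


def app_url(war_path, host="localhost", port=8080):
    """Tomcat's default auto-deploy serves name.war under the path /name."""
    return f"http://{host}:{port}/{Path(war_path).stem}"


def wait_until_up(url, timeout=60.0, interval=2.0):
    """Poll url until it answers HTTP 200 or the timeout expires."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with urllib.request.urlopen(url, timeout=5) as resp:
                if resp.status == 200:
                    return True
        except (urllib.error.URLError, OSError):
            pass  # engine still starting or war not unpacked yet
        time.sleep(interval)
    return False


if __name__ == "__main__":
    # usage: python deploy.py <downloaded.zip> <path-to-webapps>
    war = deploy_war(sys.argv[1], sys.argv[2])
    url = app_url(war)
    print(url, "is up" if wait_until_up(url) else "did not respond")
```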
You can automate vulnerability search using any web application pen testing tool such as:
- Nikto, an open source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1000 servers, and version-specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files and HTTP server options, and will attempt to identify installed web servers and software.
- IBM Rational AppScan, a commercial product that was originally developed by Watchfire and was then purchased by IBM. It automates application security testing by scanning applications, identifying vulnerabilities and generating reports with intelligent fix recommendations to ease remediation.
- HP WebInspect, a scanner that is now owned by HP but was first developed by SPI Dynamics. It is one of the most successful security scanners, as it thoroughly analyzes today's complex Web applications. It delivers fast scanning capabilities, broad assessment coverage, extensive vulnerability knowledge, and accurate Web application scanning results.
- Burp Suite, an integrated platform for performing security testing of web applications. It is not a single tool but a set of tools for pentesting. The most important part of the program is Burp Proxy, which is installed as a local web server and intercepts all HTTP / HTTPS traffic for later testing and verification.
The list of tools could be extended much further: we could add sqlmap, Havij, Sqlsus, Acunetix, bsqlbf-v2 and many more. The idea behind these automated tools is that they can show in a few days things that a hacker would discover only after several months. And even with all these tools and security measures, it is impossible to be sure that our application is 100% secure.