Thanks all! I'm going through all of them.. Appreciate the help! On Sun, Feb 2, 2014 at 12:09 AM, Jason Wood <jason@jwnetworkconsulting.com>wrote: > Damn Vulnerable Web Services has been released by Secure Ideas. > > http://dvws.professionallyevil.com > > > Jason > > > On Feb 1, 2014, at 10:07 AM, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> > wrote: > > > > Hi All, > > > > As someone has compiled a list of all intentionally vulnerable web > applications, do we have any such list for web services? > > > > I need some vulnerable web-services for my learning. Thought if any of > you know any such available web-services? > > > > -- > > Thanks, > > Pankaj Upadhyay > > > > _______________________________________________ > > The Web Security Mailing List > > > > WebSecurity RSS Feed > > http://www.webappsec.org/rss/websecurity.rss > > > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > > > WASC on Twitter > > http://twitter.com/wascupdates > > > > websecurity@lists.webappsec.org > > > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > -- Thanks, Pankaj Upadhyay

demo.testfire.net testphp.vulnweb.com testasp.vulnweb.com zero.webappsecurity.com crackme.cenzic.com webscantest.com Else spin a XAMMP or LAMP and put DVWA, webgoat or jarlsbery on it. Cheers Vj On 2 February 2014 23:30, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> wrote: > Thanks all! I'm going through all of them.. Appreciate the help! > > > On Sun, Feb 2, 2014 at 12:09 AM, Jason Wood <jason@jwnetworkconsulting.com > > wrote: > >> Damn Vulnerable Web Services has been released by Secure Ideas. >> >> http://dvws.professionallyevil.com >> >> >> Jason >> >> > On Feb 1, 2014, at 10:07 AM, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> >> wrote: >> > >> > Hi All, >> > >> > As someone has compiled a list of all intentionally vulnerable web >> applications, do we have any such list for web services? >> > >> > I need some vulnerable web-services for my learning. Thought if any of >> you know any such available web-services? >> > >> > -- >> > Thanks, >> > Pankaj Upadhyay >> > >> > _______________________________________________ >> > The Web Security Mailing List >> > >> > WebSecurity RSS Feed >> > http://www.webappsec.org/rss/websecurity.rss >> > >> > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA >> > >> > WASC on Twitter >> > http://twitter.com/wascupdates >> > >> > websecurity@lists.webappsec.org >> > >> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org >> > > > > -- > Thanks, > Pankaj Upadhyay > > > _______________________________________________ > The Web Security Mailing List > > WebSecurity RSS Feed > http://www.webappsec.org/rss/websecurity.rss > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > WASC on Twitter > http://twitter.com/wascupdates > > websecurity@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > -- Regards Vijay L|PT,E|CSA,C|EH,C|HFI http://vijayvkvelu.blogspot.com http://in.linkedin.com/in/vijayvelu mailto:vijayvkvelu@gmail.com " Mess with the Best , Die like the Rest"

Or use free online challenge environment (VPN required) https://www.owasp.org/index.php/OWASP_Hacking_Lab Ivan From: websecurity [mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of vijayVK velu Sent: Montag, 3. Februar 2014 11:55 To: Pankaj Upadhyay Cc: websecurity@lists.webappsec.org; Jason Wood Subject: Re: [WEB SECURITY] Any Vulnerable Web-Services available online fortesting? demo.testfire.net testphp.vulnweb.com testasp.vulnweb.com zero.webappsecurity.com crackme.cenzic.com webscantest.com Else spin a XAMMP or LAMP and put DVWA, webgoat or jarlsbery on it. Cheers Vj On 2 February 2014 23:30, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> wrote: Thanks all! I'm going through all of them.. Appreciate the help! On Sun, Feb 2, 2014 at 12:09 AM, Jason Wood <jason@jwnetworkconsulting.com> wrote: Damn Vulnerable Web Services has been released by Secure Ideas. http://dvws.professionallyevil.com Jason > On Feb 1, 2014, at 10:07 AM, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> wrote: > > Hi All, > > As someone has compiled a list of all intentionally vulnerable web applications, do we have any such list for web services? > > I need some vulnerable web-services for my learning. Thought if any of you know any such available web-services? > > -- > Thanks, > Pankaj Upadhyay > > _______________________________________________ > The Web Security Mailing List > > WebSecurity RSS Feed > http://www.webappsec.org/rss/websecurity.rss > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > WASC on Twitter > http://twitter.com/wascupdates > > websecurity@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org -- Thanks, Pankaj Upadhyay _______________________________________________ The Web Security Mailing List WebSecurity RSS Feed http://www.webappsec.org/rss/websecurity.rss Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA WASC on Twitter http://twitter.com/wascupdates websecurity@lists.webappsec.org http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org -- Regards Vijay L|PT,E|CSA,C|EH,C|HFI http://vijayvkvelu.blogspot.com http://in.linkedin.com/in/vijayvelu mailto:vijayvkvelu@gmail.com " Mess with the Best , Die like the Rest"

Hi All, Every major web application security scanner vendor have thr demo site to demnostrate the tools capabilities and features....few of them are AppScan , Cenzic, HP etc. you can also refer security consortium like OWASP, WASC, etc which have projects on vulnerable sites for hand-on experience. Regards, Anuj Gupta On Mon, Feb 3, 2014 at 4:31 PM, Ivan Buetler <ivan.buetler@csnc.ch> wrote: > Or use free online challenge environment (VPN required) > > https://www.owasp.org/index.php/OWASP_Hacking_Lab > > Ivan > > > > > > *From:* websecurity [mailto:websecurity-bounces@lists.webappsec.org] *On > Behalf Of *vijayVK velu > *Sent:* Montag, 3. Februar 2014 11:55 > *To:* Pankaj Upadhyay > *Cc:* websecurity@lists.webappsec.org; Jason Wood > *Subject:* Re: [WEB SECURITY] Any Vulnerable Web-Services available > online fortesting? > > > > demo.testfire.net > > testphp.vulnweb.com > > testasp.vulnweb.com > > zero.webappsecurity.com > > crackme.cenzic.com > > webscantest.com > > > > Else spin a XAMMP or LAMP and put DVWA, webgoat or jarlsbery on it. > > > > Cheers > > Vj > > > > On 2 February 2014 23:30, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> wrote: > > Thanks all! I'm going through all of them.. Appreciate the help! > > > > On Sun, Feb 2, 2014 at 12:09 AM, Jason Wood <jason@jwnetworkconsulting.com> > wrote: > > Damn Vulnerable Web Services has been released by Secure Ideas. > > http://dvws.professionallyevil.com > > > Jason > > > > On Feb 1, 2014, at 10:07 AM, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> > wrote: > > > > Hi All, > > > > As someone has compiled a list of all intentionally vulnerable web > applications, do we have any such list for web services? > > > > I need some vulnerable web-services for my learning. Thought if any of > you know any such available web-services? > > > > -- > > Thanks, > > Pankaj Upadhyay > > > > > _______________________________________________ > > The Web Security Mailing List > > > > WebSecurity RSS Feed > > http://www.webappsec.org/rss/websecurity.rss > > > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > > > WASC on Twitter > > http://twitter.com/wascupdates > > > > websecurity@lists.webappsec.org > > > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > > > > > -- > Thanks, > Pankaj Upadhyay > > > _______________________________________________ > The Web Security Mailing List > > WebSecurity RSS Feed > http://www.webappsec.org/rss/websecurity.rss > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > WASC on Twitter > http://twitter.com/wascupdates > > websecurity@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > > > > > -- > Regards > Vijay L|PT,E|CSA,C|EH,C|HFI > http://vijayvkvelu.blogspot.com > http://in.linkedin.com/in/vijayvelu > mailto:vijayvkvelu@gmail.com > " Mess with the Best , Die like the Rest" > > _______________________________________________ > The Web Security Mailing List > > WebSecurity RSS Feed > http://www.webappsec.org/rss/websecurity.rss > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > WASC on Twitter > http://twitter.com/wascupdates > > websecurity@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > -- Anuj Gupta

Theres a pretty complete list of vulnerable web apps here: https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project We dont currently flag those that provide web services, but we could easily add such info in the Notes fields. Note that this project is on GitHub, so you can just send us pull requests: https://github.com/OWASP/OWASP-VWAD Simon On Mon, Feb 3, 2014 at 11:01 AM, Ivan Buetler <ivan.buetler@csnc.ch> wrote: > Or use free online challenge environment (VPN required) > > https://www.owasp.org/index.php/OWASP_Hacking_Lab > > Ivan > > > > > > From: websecurity [mailto:websecurity-bounces@lists.webappsec.org] On Behalf > Of vijayVK velu > Sent: Montag, 3. Februar 2014 11:55 > To: Pankaj Upadhyay > Cc: websecurity@lists.webappsec.org; Jason Wood > Subject: Re: [WEB SECURITY] Any Vulnerable Web-Services available online > fortesting? > > > > demo.testfire.net > > testphp.vulnweb.com > > testasp.vulnweb.com > > zero.webappsecurity.com > > crackme.cenzic.com > > webscantest.com > > > > Else spin a XAMMP or LAMP and put DVWA, webgoat or jarlsbery on it. > > > > Cheers > > Vj > > > > On 2 February 2014 23:30, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> wrote: > > Thanks all! I'm going through all of them.. Appreciate the help! > > > > On Sun, Feb 2, 2014 at 12:09 AM, Jason Wood <jason@jwnetworkconsulting.com> > wrote: > > Damn Vulnerable Web Services has been released by Secure Ideas. > > http://dvws.professionallyevil.com > > > Jason > > >> On Feb 1, 2014, at 10:07 AM, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> >> wrote: >> >> Hi All, >> >> As someone has compiled a list of all intentionally vulnerable web >> applications, do we have any such list for web services? >> >> I need some vulnerable web-services for my learning. Thought if any of you >> know any such available web-services? >> >> -- >> Thanks, >> Pankaj Upadhyay >> > >> _______________________________________________ >> The Web Security Mailing List >> >> WebSecurity RSS Feed >> http://www.webappsec.org/rss/websecurity.rss >> >> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA >> >> WASC on Twitter >> http://twitter.com/wascupdates >> >> websecurity@lists.webappsec.org >> >> http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > > > > > -- > Thanks, > Pankaj Upadhyay > > > _______________________________________________ > The Web Security Mailing List > > WebSecurity RSS Feed > http://www.webappsec.org/rss/websecurity.rss > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > WASC on Twitter > http://twitter.com/wascupdates > > websecurity@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > > > > > -- > Regards > Vijay L|PT,E|CSA,C|EH,C|HFI > http://vijayvkvelu.blogspot.com > http://in.linkedin.com/in/vijayvelu > mailto:vijayvkvelu@gmail.com > " Mess with the Best , Die like the Rest" > > > _______________________________________________ > The Web Security Mailing List > > WebSecurity RSS Feed > http://www.webappsec.org/rss/websecurity.rss > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > WASC on Twitter > http://twitter.com/wascupdates > > websecurity@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > -- OWASP ZAP Project leader

Acunetix (live): http://testphp.acunetix.com http://testasp.acunetix.com http://testaspnet.acunetix.com Regards, Albert 2014-02-03 psiinon <psiinon@gmail.com>: > Theres a pretty complete list of vulnerable web apps here: > > https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project > > We dont currently flag those that provide web services, but we could > easily add such info in the Notes fields. > > Note that this project is on GitHub, so you can just send us pull > requests: https://github.com/OWASP/OWASP-VWAD > > Simon > > On Mon, Feb 3, 2014 at 11:01 AM, Ivan Buetler <ivan.buetler@csnc.ch> > wrote: > > Or use free online challenge environment (VPN required) > > > > https://www.owasp.org/index.php/OWASP_Hacking_Lab > > > > Ivan > > > > > > > > > > > > From: websecurity [mailto:websecurity-bounces@lists.webappsec.org] On > Behalf > > Of vijayVK velu > > Sent: Montag, 3. Februar 2014 11:55 > > To: Pankaj Upadhyay > > Cc: websecurity@lists.webappsec.org; Jason Wood > > Subject: Re: [WEB SECURITY] Any Vulnerable Web-Services available online > > fortesting? > > > > > > > > demo.testfire.net > > > > testphp.vulnweb.com > > > > testasp.vulnweb.com > > > > zero.webappsecurity.com > > > > crackme.cenzic.com > > > > webscantest.com > > > > > > > > Else spin a XAMMP or LAMP and put DVWA, webgoat or jarlsbery on it. > > > > > > > > Cheers > > > > Vj > > > > > > > > On 2 February 2014 23:30, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> > wrote: > > > > Thanks all! I'm going through all of them.. Appreciate the help! > > > > > > > > On Sun, Feb 2, 2014 at 12:09 AM, Jason Wood < > jason@jwnetworkconsulting.com> > > wrote: > > > > Damn Vulnerable Web Services has been released by Secure Ideas. > > > > http://dvws.professionallyevil.com > > > > > > Jason > > > > > >> On Feb 1, 2014, at 10:07 AM, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> > >> wrote: > >> > >> Hi All, > >> > >> As someone has compiled a list of all intentionally vulnerable web > >> applications, do we have any such list for web services? > >> > >> I need some vulnerable web-services for my learning. Thought if any of > you > >> know any such available web-services? > >> > >> -- > >> Thanks, > >> Pankaj Upadhyay > >> > > > >> _______________________________________________ > >> The Web Security Mailing List > >> > >> WebSecurity RSS Feed > >> http://www.webappsec.org/rss/websecurity.rss > >> > >> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > >> > >> WASC on Twitter > >> http://twitter.com/wascupdates > >> > >> websecurity@lists.webappsec.org > >> > >> > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > > > > > > > > > > > -- > > Thanks, > > Pankaj Upadhyay > > > > > > _______________________________________________ > > The Web Security Mailing List > > > > WebSecurity RSS Feed > > http://www.webappsec.org/rss/websecurity.rss > > > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > > > WASC on Twitter > > http://twitter.com/wascupdates > > > > websecurity@lists.webappsec.org > > > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > > > > > > > > > > > -- > > Regards > > Vijay L|PT,E|CSA,C|EH,C|HFI > > http://vijayvkvelu.blogspot.com > > http://in.linkedin.com/in/vijayvelu > > mailto:vijayvkvelu@gmail.com > > " Mess with the Best , Die like the Rest" > > > > > > _______________________________________________ > > The Web Security Mailing List > > > > WebSecurity RSS Feed > > http://www.webappsec.org/rss/websecurity.rss > > > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > > > WASC on Twitter > > http://twitter.com/wascupdates > > > > websecurity@lists.webappsec.org > > > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > > > > > -- > OWASP ZAP Project leader > > _______________________________________________ > The Web Security Mailing List > > WebSecurity RSS Feed > http://www.webappsec.org/rss/websecurity.rss > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > WASC on Twitter > http://twitter.com/wascupdates > > websecurity@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org >

Ummm http://testphp.acunetix.com is down, not accessible or no longer exists? http://testasp.acunetix.com has moved to http://testasp.vulnweb.com http://testaspnet.acunetix.com has moved to testaspnet.vulnweb.com And these do not provide web services - Rui On 2014-02-03 09:11, Albert Sans wrote: > Acunetix (live): > > http://testphp.acunetix.com [17] > http://testasp.acunetix.com [18] > http://testaspnet.acunetix.com [19] > > Regards, > Albert > > 2014-02-03 psiinon <psiinon@gmail.com>: > >> Theres a pretty complete list of vulnerable web apps here: >> > https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project >> [1] >> >> We dont currently flag those that provide web services, but we >> could >> easily add such info in the Notes fields. >> >> Note that this project is on GitHub, so you can just send us pull >> requests: https://github.com/OWASP/OWASP-VWAD [2] >> >> Simon >> >> On Mon, Feb 3, 2014 at 11:01 AM, Ivan Buetler >> <ivan.buetler@csnc.ch> wrote: >>> Or use free online challenge environment (VPN required) >>> >>> https://www.owasp.org/index.php/OWASP_Hacking_Lab [3] >>> >>> Ivan >>> >>> >>> >>> >>> >>> From: websecurity >> [mailto:websecurity-bounces@lists.webappsec.org] On Behalf >>> Of vijayVK velu >>> Sent: Montag, 3. Februar 2014 11:55 >>> To: Pankaj Upadhyay >>> Cc: websecurity@lists.webappsec.org; Jason Wood >>> Subject: Re: [WEB SECURITY] Any Vulnerable Web-Services available >> online >>> fortesting? >>> >>> >>> >>> demo.testfire.net [4] >>> >>> testphp.vulnweb.com [5] >>> >>> testasp.vulnweb.com [6] >>> >>> zero.webappsecurity.com [7] >>> >>> crackme.cenzic.com [8] >>> >>> webscantest.com [9] >>> >>> >>> >>> Else spin a XAMMP or LAMP and put DVWA, webgoat or  jarlsbery on >> it. >>> >>> >>> >>> Cheers >>> >>> Vj >>> >>> >>> >>> On 2 February 2014 23:30, Pankaj Upadhyay >> <mr.p.upadhyay@gmail.com> wrote: >>> >>> Thanks all! I'm going through all of them.. Appreciate the help! >>> >>> >>> >>> On Sun, Feb 2, 2014 at 12:09 AM, Jason Wood >> <jason@jwnetworkconsulting.com> >>> wrote: >>> >>> Damn Vulnerable Web Services has been released by Secure Ideas. >>> >>> http://dvws.professionallyevil.com [10] >>> >>> >>> Jason >>> >>> >>>> On Feb 1, 2014, at 10:07 AM, Pankaj Upadhyay >> <mr.p.upadhyay@gmail.com> >>>> wrote: >>>> >>>> Hi All, >>>> >>>> As someone has compiled a list of all intentionally vulnerable >> web >>>> applications, do we have any such list for web services? >>>> >>>> I need some vulnerable web-services for my learning. Thought if >> any of you >>>> know any such available web-services? >>>> >>>> -- >>>> Thanks, >>>> Pankaj Upadhyay >>>> >>> >>>> _______________________________________________ >>>> The Web Security Mailing List >>>> >>>> WebSecurity RSS Feed >>>> http://www.webappsec.org/rss/websecurity.rss [11] >>>> >>>> Join WASC on LinkedIn >> http://www.linkedin.com/e/gis/83336/4B20E4374DBA [12] >>>> >>>> WASC on Twitter >>>> http://twitter.com/wascupdates [13] >>>> >>>> websecurity@lists.webappsec.org >>>> >>>> >> > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org >> [14] >>> >>> >>> >>> >>> >>> -- >>> Thanks, >>> Pankaj Upadhyay >>> >>> >>> _______________________________________________ >>> The Web Security Mailing List >>> >>> WebSecurity RSS Feed >>> http://www.webappsec.org/rss/websecurity.rss [11] >>> >>> Join WASC on LinkedIn >> http://www.linkedin.com/e/gis/83336/4B20E4374DBA [12] >>> >>> WASC on Twitter >>> http://twitter.com/wascupdates [13] >>> >>> websecurity@lists.webappsec.org >>> >> > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org >> [14] >>> >>> >>> >>> >>> >>> -- >>> Regards >>> Vijay L|PT,E|CSA,C|EH,C|HFI >>> http://vijayvkvelu.blogspot.com [15] >>> http://in.linkedin.com/in/vijayvelu [16] >>> mailto:vijayvkvelu@gmail.com >>> " Mess with the Best , Die like the Rest" >>> >>> >>> _______________________________________________ >>> The Web Security Mailing List >>> >>> WebSecurity RSS Feed >>> http://www.webappsec.org/rss/websecurity.rss [11] >>> >>> Join WASC on LinkedIn >> http://www.linkedin.com/e/gis/83336/4B20E4374DBA [12] >>> >>> WASC on Twitter >>> http://twitter.com/wascupdates [13] >>> >>> websecurity@lists.webappsec.org >>> >> > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org >> [14] >>> >> >> -- >> OWASP ZAP Project leader >> >> _______________________________________________ >> The Web Security Mailing List >> >> WebSecurity RSS Feed >> http://www.webappsec.org/rss/websecurity.rss [11] >> >> Join WASC on LinkedIn >> http://www.linkedin.com/e/gis/83336/4B20E4374DBA [12] >> >> WASC on Twitter >> http://twitter.com/wascupdates [13] >> >> websecurity@lists.webappsec.org >> > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org >> [14] > > > > Links: > ------ > [1] > https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project > [2] https://github.com/OWASP/OWASP-VWAD > [3] https://www.owasp.org/index.php/OWASP_Hacking_Lab > [4] http://demo.testfire.net > [5] http://testphp.vulnweb.com > [6] http://testasp.vulnweb.com > [7] http://zero.webappsecurity.com > [8] http://crackme.cenzic.com > [9] http://webscantest.com > [10] http://dvws.professionallyevil.com > [11] http://www.webappsec.org/rss/websecurity.rss > [12] http://www.linkedin.com/e/gis/83336/4B20E4374DBA > [13] http://twitter.com/wascupdates > [14] > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > [15] http://vijayvkvelu.blogspot.com > [16] http://in.linkedin.com/in/vijayvelu > [17] http://testphp.acunetix.com > [18] http://testasp.acunetix.com > [19] http://testaspnet.acunetix.com > > _______________________________________________ > The Web Security Mailing List > > WebSecurity RSS Feed > http://www.webappsec.org/rss/websecurity.rss > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > WASC on Twitter > http://twitter.com/wascupdates > > websecurity@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org

Thanks guys.. I know that the list of vulnerable Web Applications is very exhaustive though my point of interest was 'Web Services'. I also understand that most of vulnerable webapps are already providing some vulnerable webservices. I haven't tried them so far so its time to see through them. Thanks again! On Mon, Feb 3, 2014 at 8:53 PM, <ruiper@wavefrontcg.com> wrote: > Ummm > > http://testphp.acunetix.com is down, not accessible or no longer exists? > http://testasp.acunetix.com has moved to http://testasp.vulnweb.com > http://testaspnet.acunetix.com has moved to testaspnet.vulnweb.com > > And these do not provide web services > > - Rui > > On 2014-02-03 09:11, Albert Sans wrote: > >> Acunetix (live): >> >> http://testphp.acunetix.com [17] >> http://testasp.acunetix.com [18] >> http://testaspnet.acunetix.com [19] >> >> >> Regards, >> Albert >> >> 2014-02-03 psiinon <psiinon@gmail.com>: >> >> Theres a pretty complete list of vulnerable web apps here: >>> >>> https://www.owasp.org/index.php/OWASP_Vulnerable_Web_ >> Applications_Directory_Project >> >>> [1] >>> >>> >>> We dont currently flag those that provide web services, but we >>> could >>> easily add such info in the Notes fields. >>> >>> Note that this project is on GitHub, so you can just send us pull >>> requests: https://github.com/OWASP/OWASP-VWAD [2] >>> >>> >>> Simon >>> >>> On Mon, Feb 3, 2014 at 11:01 AM, Ivan Buetler >>> <ivan.buetler@csnc.ch> wrote: >>> >>>> Or use free online challenge environment (VPN required) >>>> >>>> https://www.owasp.org/index.php/OWASP_Hacking_Lab [3] >>>> >>>> Ivan >>>> >>>> >>>> >>>> >>>> >>>> From: websecurity >>>> >>> [mailto:websecurity-bounces@lists.webappsec.org] On Behalf >>> >>>> Of vijayVK velu >>>> Sent: Montag, 3. Februar 2014 11:55 >>>> To: Pankaj Upadhyay >>>> Cc: websecurity@lists.webappsec.org; Jason Wood >>>> Subject: Re: [WEB SECURITY] Any Vulnerable Web-Services available >>>> >>> online >>> >>>> fortesting? >>>> >>>> >>>> >>>> demo.testfire.net [4] >>>> >>>> testphp.vulnweb.com [5] >>>> >>>> testasp.vulnweb.com [6] >>>> >>>> zero.webappsecurity.com [7] >>>> >>>> crackme.cenzic.com [8] >>>> >>>> webscantest.com [9] >>>> >>>> >>>> >>>> >>>> Else spin a XAMMP or LAMP and put DVWA, webgoat or jarlsbery on >>>> >>> it. >>> >>>> >>>> >>>> >>>> Cheers >>>> >>>> Vj >>>> >>>> >>>> >>>> On 2 February 2014 23:30, Pankaj Upadhyay >>>> >>> <mr.p.upadhyay@gmail.com> wrote: >>> >>>> >>>> Thanks all! I'm going through all of them.. Appreciate the help! >>>> >>>> >>>> >>>> On Sun, Feb 2, 2014 at 12:09 AM, Jason Wood >>>> >>> <jason@jwnetworkconsulting.com> >>> >>>> wrote: >>>> >>>> Damn Vulnerable Web Services has been released by Secure Ideas. >>>> >>>> http://dvws.professionallyevil.com [10] >>>> >>>> >>>> >>>> Jason >>>> >>>> >>>> On Feb 1, 2014, at 10:07 AM, Pankaj Upadhyay >>>>> >>>> <mr.p.upadhyay@gmail.com> >>> >>>> wrote: >>>>> >>>>> Hi All, >>>>> >>>>> As someone has compiled a list of all intentionally vulnerable >>>>> >>>> web >>> >>>> applications, do we have any such list for web services? >>>>> >>>>> I need some vulnerable web-services for my learning. Thought if >>>>> >>>> any of you >>> >>>> know any such available web-services? >>>>> >>>>> -- >>>>> Thanks, >>>>> Pankaj Upadhyay >>>>> >>>>> >>>> _______________________________________________ >>>>> The Web Security Mailing List >>>>> >>>>> WebSecurity RSS Feed >>>>> http://www.webappsec.org/rss/websecurity.rss [11] >>>>> >>>>> Join WASC on LinkedIn >>>>> >>>> http://www.linkedin.com/e/gis/83336/4B20E4374DBA [12] >>> >>>> >>>>> WASC on Twitter >>>>> http://twitter.com/wascupdates [13] >>>>> >>>>> websecurity@lists.webappsec.org >>>>> >>>>> >>>>> >>> http://lists.webappsec.org/mailman/listinfo/websecurity_ >> lists.webappsec.org >> >>> [14] >>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Thanks, >>>> Pankaj Upadhyay >>>> >>>> >>>> _______________________________________________ >>>> The Web Security Mailing List >>>> >>>> WebSecurity RSS Feed >>>> http://www.webappsec.org/rss/websecurity.rss [11] >>>> >>>> Join WASC on LinkedIn >>>> >>> http://www.linkedin.com/e/gis/83336/4B20E4374DBA [12] >>> >>>> >>>> WASC on Twitter >>>> http://twitter.com/wascupdates [13] >>>> >>>> websecurity@lists.webappsec.org >>>> >>>> >>> http://lists.webappsec.org/mailman/listinfo/websecurity_ >> lists.webappsec.org >> >>> [14] >>> >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> Regards >>>> Vijay L|PT,E|CSA,C|EH,C|HFI >>>> http://vijayvkvelu.blogspot.com [15] >>>> http://in.linkedin.com/in/vijayvelu [16] >>>> >>>> mailto:vijayvkvelu@gmail.com >>>> " Mess with the Best , Die like the Rest" >>>> >>>> >>>> _______________________________________________ >>>> The Web Security Mailing List >>>> >>>> WebSecurity RSS Feed >>>> http://www.webappsec.org/rss/websecurity.rss [11] >>>> >>>> Join WASC on LinkedIn >>>> >>> http://www.linkedin.com/e/gis/83336/4B20E4374DBA [12] >>> >>>> >>>> WASC on Twitter >>>> http://twitter.com/wascupdates [13] >>>> >>>> websecurity@lists.webappsec.org >>>> >>>> >>> http://lists.webappsec.org/mailman/listinfo/websecurity_ >> lists.webappsec.org >> >>> [14] >>> >>> >>>> >>> -- >>> OWASP ZAP Project leader >>> >>> _______________________________________________ >>> The Web Security Mailing List >>> >>> WebSecurity RSS Feed >>> http://www.webappsec.org/rss/websecurity.rss [11] >>> >>> Join WASC on LinkedIn >>> http://www.linkedin.com/e/gis/83336/4B20E4374DBA [12] >>> >>> WASC on Twitter >>> http://twitter.com/wascupdates [13] >>> >>> websecurity@lists.webappsec.org >>> >>> http://lists.webappsec.org/mailman/listinfo/websecurity_ >> lists.webappsec.org >> >>> [14] >>> >> >> >> >> Links: >> ------ >> [1] >> https://www.owasp.org/index.php/OWASP_Vulnerable_Web_ >> Applications_Directory_Project >> [2] https://github.com/OWASP/OWASP-VWAD >> [3] https://www.owasp.org/index.php/OWASP_Hacking_Lab >> [4] http://demo.testfire.net >> [5] http://testphp.vulnweb.com >> [6] http://testasp.vulnweb.com >> [7] http://zero.webappsecurity.com >> [8] http://crackme.cenzic.com >> [9] http://webscantest.com >> [10] http://dvws.professionallyevil.com >> [11] http://www.webappsec.org/rss/websecurity.rss >> [12] http://www.linkedin.com/e/gis/83336/4B20E4374DBA >> [13] http://twitter.com/wascupdates >> [14] http://lists.webappsec.org/mailman/listinfo/websecurity_ >> lists.webappsec.org >> [15] http://vijayvkvelu.blogspot.com >> [16] http://in.linkedin.com/in/vijayvelu >> [17] http://testphp.acunetix.com >> [18] http://testasp.acunetix.com >> [19] http://testaspnet.acunetix.com >> >> >> _______________________________________________ >> The Web Security Mailing List >> >> WebSecurity RSS Feed >> http://www.webappsec.org/rss/websecurity.rss >> >> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA >> >> WASC on Twitter >> http://twitter.com/wascupdates >> >> websecurity@lists.webappsec.org >> http://lists.webappsec.org/mailman/listinfo/websecurity_ >> lists.webappsec.org >> > > _______________________________________________ > The Web Security Mailing List > > WebSecurity RSS Feed > http://www.webappsec.org/rss/websecurity.rss > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > WASC on Twitter > http://twitter.com/wascupdates > > websecurity@lists.webappsec.org > http://lists.webappsec.org/mailman/listinfo/websecurity_ > lists.webappsec.org > -- Thanks, Pankaj Upadhyay

Simon- That would be great! On Mon, Feb 3, 2014 at 6:00 PM, psiinon <psiinon@gmail.com> wrote: > Theres a pretty complete list of vulnerable web apps here: > > https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project > > We dont currently flag those that provide web services, but we could > easily add such info in the Notes fields. > > Note that this project is on GitHub, so you can just send us pull > requests: https://github.com/OWASP/OWASP-VWAD > > Simon > > On Mon, Feb 3, 2014 at 11:01 AM, Ivan Buetler <ivan.buetler@csnc.ch> > wrote: > > Or use free online challenge environment (VPN required) > > > > https://www.owasp.org/index.php/OWASP_Hacking_Lab > > > > Ivan > > > > > > > > > > > > From: websecurity [mailto:websecurity-bounces@lists.webappsec.org] On > Behalf > > Of vijayVK velu > > Sent: Montag, 3. Februar 2014 11:55 > > To: Pankaj Upadhyay > > Cc: websecurity@lists.webappsec.org; Jason Wood > > Subject: Re: [WEB SECURITY] Any Vulnerable Web-Services available online > > fortesting? > > > > > > > > demo.testfire.net > > > > testphp.vulnweb.com > > > > testasp.vulnweb.com > > > > zero.webappsecurity.com > > > > crackme.cenzic.com > > > > webscantest.com > > > > > > > > Else spin a XAMMP or LAMP and put DVWA, webgoat or jarlsbery on it. > > > > > > > > Cheers > > > > Vj > > > > > > > > On 2 February 2014 23:30, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> > wrote: > > > > Thanks all! I'm going through all of them.. Appreciate the help! > > > > > > > > On Sun, Feb 2, 2014 at 12:09 AM, Jason Wood < > jason@jwnetworkconsulting.com> > > wrote: > > > > Damn Vulnerable Web Services has been released by Secure Ideas. > > > > http://dvws.professionallyevil.com > > > > > > Jason > > > > > >> On Feb 1, 2014, at 10:07 AM, Pankaj Upadhyay <mr.p.upadhyay@gmail.com> > >> wrote: > >> > >> Hi All, > >> > >> As someone has compiled a list of all intentionally vulnerable web > >> applications, do we have any such list for web services? > >> > >> I need some vulnerable web-services for my learning. Thought if any of > you > >> know any such available web-services? > >> > >> -- > >> Thanks, > >> Pankaj Upadhyay > >> > > > >> _______________________________________________ > >> The Web Security Mailing List > >> > >> WebSecurity RSS Feed > >> http://www.webappsec.org/rss/websecurity.rss > >> > >> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > >> > >> WASC on Twitter > >> http://twitter.com/wascupdates > >> > >> websecurity@lists.webappsec.org > >> > >> > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > > > > > > > > > > > -- > > Thanks, > > Pankaj Upadhyay > > > > > > _______________________________________________ > > The Web Security Mailing List > > > > WebSecurity RSS Feed > > http://www.webappsec.org/rss/websecurity.rss > > > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > > > WASC on Twitter > > http://twitter.com/wascupdates > > > > websecurity@lists.webappsec.org > > > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > > > > > > > > > > > -- > > Regards > > Vijay L|PT,E|CSA,C|EH,C|HFI > > http://vijayvkvelu.blogspot.com > > http://in.linkedin.com/in/vijayvelu > > mailto:vijayvkvelu@gmail.com > > " Mess with the Best , Die like the Rest" > > > > > > _______________________________________________ > > The Web Security Mailing List > > > > WebSecurity RSS Feed > > http://www.webappsec.org/rss/websecurity.rss > > > > Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA > > > > WASC on Twitter > > http://twitter.com/wascupdates > > > > websecurity@lists.webappsec.org > > > http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org > > > > > > -- > OWASP ZAP Project leader > -- Thanks, Pankaj Upadhyay