web application scanning tool - any unsecure demo sites out there to run them against?

Hi everyone,

I'm working on a project that involves evaluation web app scanning
tools.  I'm looking to run each of the scanning tools against  the
following app types:

1.  J2EE
2.  ASP.Net
3.  PHP
4.  ColdFusion

I know that WebGoat is out there on the OWASP site for testing/learning
purposes, but I am coming up empty handed for the the other app types.  
Does anyone have any suggestions for "ready-made" sites like the above
that I could get my hands on?

Thanks!

Bert


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080318-0, 03/18/2008
Tested on: 3/18/2008 10:02:48 AM
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com




-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

You might try some of these sites.

http://www.hackthissite.org/
http://hackme.mightyseek.com/

Darren

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of bigbert007
Sent: Tuesday, March 18, 2008 9:03 AM
To: webappsec@...
Subject: web application scanning tool - any unsecure demo sites out there
to run them against?

Hi everyone,

I'm working on a project that involves evaluation web app scanning tools.
I'm looking to run each of the scanning tools against  the following app
types:

1.  J2EE
2.  ASP.Net
3.  PHP
4.  ColdFusion

I know that WebGoat is out there on the OWASP site for testing/learning
purposes, but I am coming up empty handed for the the other app types.  
Does anyone have any suggestions for "ready-made" sites like the above that
I could get my hands on?

Thanks!

Bert


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080318-0, 03/18/2008 Tested on: 3/18/2008 10:02:48 AM
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com




-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment With the rapid
rise in the number and types of security threats, web application security
assessments should be considered a crucial phase in the development of any
web application. What methodology should be followed? What tools can
accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------


-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

Thank you to everyone who responded.  This is fantastic!

Bert


Darren Webb wrote:


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080318-0, 03/18/2008
Tested on: 3/18/2008 1:40:10 PM
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com




-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------

You may also want to look into Hackme Casino, Hackme Shipping, Hackme
Bank, etc...  They are Mcafee / Foundstone tools that are free downloads
from their site.

They give you an environment that's vulnerable to many different (albeit
older) attacks.

They can be found here under Foundstone SASS Tools:
http://www.foundstone.com/us/resources-free-tools.asp


Regards,
Chris Grove, CISSP, NSA-IAM
Professional Services Consultant
iMPERVA
+1 (813) 508-8591 Mobile
cgrove@...
http://iMPERVA.com


-----Original Message-----
From: listbounce@... [mailto:listbounce@...]
On Behalf Of bigbert007
Sent: Tuesday, March 18, 2008 10:03 AM
To: webappsec@...
Subject: web application scanning tool - any unsecure demo sites out
there to run them against?

Hi everyone,

I'm working on a project that involves evaluation web app scanning
tools.  I'm looking to run each of the scanning tools against  the
following app types:

1.  J2EE
2.  ASP.Net
3.  PHP
4.  ColdFusion

I know that WebGoat is out there on the OWASP site for testing/learning
purposes, but I am coming up empty handed for the the other app types.  
Does anyone have any suggestions for "ready-made" sites like the above
that I could get my hands on?

Thanks!

Bert


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 080318-0, 03/18/2008
Tested on: 3/18/2008 10:02:48 AM
avast! - copyright (c) 1988-2008 ALWIL Software.
http://www.avast.com




------------------------------------------------------------------------
-
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in
the development of any web application. What methodology should be
followed? What tools can accelerate the assessment process? Download
this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
------------------------------------------------------------------------
-

-------------------------------------------------------------------------
Sponsored by: Watchfire
Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------