0

I am going to teach software security for a course lab. I would like to know is there any software- simulator and etc for providing an appropriate environment for practising common types of security attacks such as XSS and SQL injection so that I do not need to spend a lot of time to create samples by myself and etc. Also, since overflow attacks are a part of my teaching lab, I am looking something like VM or sandboxes so that does not have memory protection mechanism, so which os is better and how to disable memory protection mechanism on it?! I hope you understand me, I am not asking to do it for me! I just want to hear some tips! I am thinking to create a VM and install necessary tools on it. But as you know I thought it's better to make sure that there isn't any better option before. So, I am enthusiastically looking to hearing you.

Berliner
  • 5
  • 1
  • 2
  • Made a small example to demonstrate an [SQL-injection](http://www.martinstoeckli.ch/hash/en/hash_sqlinjection.php), maybe it could be useful. – martinstoeckli Apr 13 '17 at 13:56

1 Answers1

0

As it happens there are load of resources for this kind of work. for web application items, I'd recommend the OWASP list which has a large number of options. Personally I've used Juice shop and the Railsgoat , both of which I thought were very good.

For the other vulnerable systems list, I'd suggest looking at somewhere like Vulnhub which has a fair few things which could be useful.

also you might want to look at metasploitable

Rory McCune
  • 60,923
  • 14
  • 136
  • 217