Thursday, March 1, 2012

Vulnerable by Definition

A lot of people, somehow related to security, want to try pentesting from time to time. Most often they start with web applications. The barriers to entry are rather low (the simplest SQL Injection vulnerability can be detected by adding a quotation mark in a parameter and its exploitation is almost as simple), but still there are difficult tasks that require several days of thorough work.

However, where can theoretical knowledge be implemented without any fear of being prosecuted by law-enforcement authorities? There is an overview of ‘proving grounds’ for pentest experiments under the cut.