Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A new paper on SQL Injection"] [Next entry: "Security, SOX and Oracle Incentive Compensation"]

WebGoat an application to learn how to hack!

Joel sent me an email last week about an interesting application called WebGoat from the Open Web Application Security Project. This sounded interesting so I went for a look. Basically web application security testing is hard to learn and practice as few have access to real complete web based business applications that they can hack. The WebGoat project provides a full J2EE web application that is designed to be tested for security bugs. The application includes lessons that allow someone to understand and try out various hacks. It includes a lot of different attack vectors including SQL Injection, Cross Site Scripting, hidden form field manipulation, blind SQL and many many more.