New to Hacking .. Help !!


New to Hacking .. Help !!

by abd.explore

hello all ,
           im sure there is a kind heart to help this newbie to hacking..

im AF Certified Ethical Hacker..i know few hacking techniques from hidden html tags, SQL injection, Cross site scripting and other basic attacks..but NO HandsOn exposure..could someone help me with where to start, proceed? hw did u start ? and assignment or tasks which u like to suggest?

ill be loyal to whom so ever it may concern..

thanks,
AbdExplore

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


Re: New to Hacking .. Help !!

by NixDevs | Feeyo

Ah that is how they call it now? Certified Ethical Hacker. A.K.A Script
kiddy?
What do you understand under loyal? :)

On 10/6/2009 5:41 PM, abd.explore@... wrote:

> hello all ,
>             im sure there is a kind heart to help this newbie to hacking..
>
> im AF Certified Ethical Hacker..i know few hacking techniques from hidden html tags, SQL injection, Cross site scripting and other basic attacks..but NO HandsOn exposure..could someone help me with where to start, proceed? hw did u start ? and assignment or tasks which u like to suggest?
>
> ill be loyal to whom so ever it may concern..
>
> thanks,
> AbdExplore
>


RE: Testing for SQL injection or Cross Site scripting

by Scott Race-2

Hey everyone,
Does anyone know of any free SQL injection or XSS tools to scan a single
website?  I checked out Acunetix and a few other tools, but they are
pretty expensive.  Not that I don't want to support vendors who make
good tools, but this project isn't going to make much $$, so free tools
are our only option if we want to scan to see where we're at.

Thanks in advance!



Scott



Re: New to Hacking .. Help !!

by Wim Remes-2

Build your own lab and have a go at it ... You won't learn hacking the
easy way. It's dedication and perseverance that will take you there .

Cheers,

Wim

On Tue, Oct 6, 2009 at 5:41 PM,  <abd.explore@...> wrote:

> hello all ,
>           im sure there is a kind heart to help this newbie to hacking..
>
> im AF Certified Ethical Hacker..i know few hacking techniques from hidden html tags, SQL injection, Cross site scripting and other basic attacks..but NO HandsOn exposure..could someone help me with where to start, proceed? hw did u start ? and assignment or tasks which u like to suggest?
>
> ill be loyal to whom so ever it may concern..
>
> thanks,
> AbdExplore
>
>



--
Wim Remes
Security Afficionado



RE: New to Hacking .. Help !!

by Paul Jenkins

I think I know where you're coming from; I'll say find some war-game
websites. Happyhacker.org has a few links, my favorite is
hackthissite.org. Great support forums and good information. HOWEVER do
not do this from a "gov" system, provided they don't have the sites
filtered (partly my fault I'm sure) further in the "game" will likely
set off the IDS/ASIM (been there done that as well).

Learn all you can,
-Paul

-----Original Message-----
From: listbounce@... [mailto:listbounce@...]
On Behalf Of abd.explore@...
Sent: Tuesday, October 06, 2009 11:41 AM
To: security-basics@...
Subject: New to Hacking .. Help !!

hello all ,
           im sure there is a kind heart to help this newbie to
hacking..

im AF Certified Ethical Hacker..i know few hacking techniques from
hidden html tags, SQL injection, Cross site scripting and other basic
attacks..but NO HandsOn exposure..could someone help me with where to
start, proceed? hw did u start ? and assignment or tasks which u like to
suggest?

ill be loyal to whom so ever it may concern..

thanks,
AbdExplore



RE: New to Hacking .. Help !!

by craig.wilson

Now, now! Don't let the lack of grammar fool you into thinking he\she is
a script kiddy (sic).  I believe that Certified Ethical Hacker is a
genuine qualification now and so at least commands the respect that he
has passed it.


-----Original Message-----
From: listbounce@... [mailto:listbounce@...]
On Behalf Of { Feeyo|NixDevs }
Sent: 06 October 2009 23:43
To: security-basics@...
Subject: Re: New to Hacking .. Help !!

Ah that is how they call it now? Certified Ethical Hacker. A.K.A Script
kiddy?
What do you understand under loyal? :)

On 10/6/2009 5:41 PM, abd.explore@... wrote:
> hello all ,
>             im sure there is a kind heart to help this newbie to hacking..
>
> im AF Certified Ethical Hacker..i know few hacking techniques from hidden html tags, SQL injection, Cross site scripting and other basic attacks..but NO HandsOn exposure..could someone help me with where to start, proceed? hw did u start ? and assignment or tasks which u like to suggest?
>
> ill be loyal to whom so ever it may concern..
>
> thanks,
> AbdExplore
>
>


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________



Re: Testing for SQL injection or Cross Site scripting

by Fabien Vincent-3

Hi Scott,

Firefox + XSS ME / SQL Inject Me from SecurityCompass

With this kind of tool, you can add your own XSS / SQL Injection values / tests.

Perhaps, you can check OWASP website, I don't remember if there's a
webpage for known or useful tools.

Regards,

-------------------------------------------------------------------
FV



On Wed, Oct 7, 2009 at 01:57, Scott Race <scott@...> wrote:

> Hey everyone,
> Does anyone know of any free SQL injection or XSS tools to scan a single
> website?  I checked out Acunetix and a few other tools, but they are
> pretty expensive.  Not that I don't want to support vendors who make
> good tools, but this project isn't going to make much $$, so free tools
> are our only option if we want to scan to see where we're at.
>
> Thanks in advance!
>
>
>
> Scott
>


RE: New to Hacking .. Help !!

by Rivest, Philippe-2

I don’t value my CEH that much, but again, being a CEH is not being a script
kiddy. The official meaning means that you are hacking with the consent of
whoever is your target.

If you are not a script kiddy, you must at least know this much.
And therefore, don’t waste time and bandwidth trying to insult someone who
wants to learn more.


For the initial question, the lab answer provided by someone else is the way
I would go. Also some security certs are very good for that, I think SANS
offers a wide choice of these.

Good luck
 
Philippe Rivest - CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Verificateur interne - Securite de l'information

8585 Trans-Canada Highway, Suite 300
Saint-Laurent (Quebec) H4S 1Z6
Tel.: 514-331-4417  
Fax: 514-856-7541

http://www.transforce.ca/


-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of { Feeyo|NixDevs }
Sent: October 6, 2009 18:43
To: security-basics@...
Subject: Re: New to Hacking .. Help !!

Ah that is how they call it now? Certified Ethical Hacker. A.K.A Script
kiddy?
What do you understand under loyal? :)

On 10/6/2009 5:41 PM, abd.explore@... wrote:
> hello all ,
>             im sure there is a kind heart to help this newbie to hacking..
>
> im AF Certified Ethical Hacker..i know few hacking techniques from hidden html tags, SQL injection, Cross site scripting and other basic attacks..but NO HandsOn exposure..could someone help me with where to start, proceed? hw did u start ? and assignment or tasks which u like to suggest?
>
> ill be loyal to whom so ever it may concern..
>
> thanks,
> AbdExplore
>

Re: RE: Testing for SQL injection or Cross Site scripting

by viveksilla

Hi Scott,

SecurityHack's Top 15 SQL Injection Scanners - http://rochakchauhan.com/blog/2008/01/10/top-15-free-sql-injection-scanners/

HP Scrawlr is another free tool for testing SQL injection.
SQL Inject-Me & XSS-Me from the Exploit Me tool kit (Security Compass) are firefox extensions which could be useful.
Even Paros helps in finding SQL Injection & XSS to some extent.
If appropriately configured, the fuzzers available in tools such as BurpSuite & WebScarab can also be used for finding these vulnerabilities.
RSnake's XSS cheat sheet would be highly useful for identifying XSS by the way of fuzzing.

Pl. feel free to reach me for any further information.

Regards
VB a.k.a Vicky Baba



Re: New to Hacking .. Help !!

by jfvanmeter


I agree with the lab, you could also add Damn Vulnerable Linux, http://www.damnvulnerablelinux.org/, OWASP's WebGoat http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project and the Foundstone stuff like Hacme Bank, Hacme Books, Hacme Shipping etc. http://www.foundstone.com/us/resources-free-tools.asp

In the long run I would also learn shellcoding.

Best Regards ::John

----- Original Message -----
From: "Wim Remes" <wremes@...>
To: "abd explore" <abd.explore@...>
Cc: security-basics@...
Sent: Wednesday, October 7, 2009 5:06:34 AM GMT -05:00 US/Canada Eastern
Subject: Re: New to Hacking .. Help !!

Build your own lab and have a go at it ... You won't learn hacking the
easy way. It's dedication and perseverance that will take you there .

Cheers,

Wim

On Tue, Oct 6, 2009 at 5:41 PM,  <abd.explore@...> wrote:

> hello all ,
>           im sure there is a kind heart to help this newbie to hacking..
>
> im AF Certified Ethical Hacker..i know few hacking techniques from hidden html tags, SQL injection, Cross site scripting and other basic attacks..but NO HandsOn exposure..could someone help me with where to start, proceed? hw did u start ? and assignment or tasks which u like to suggest?
>
> ill be loyal to whom so ever it may concern..
>
> thanks,
> AbdExplore
>
>



--
Wim Remes
Security Afficionado



Re[2]: Testing for SQL injection or Cross Site scripting

by Adam Pal

Hello Scott,

Try absinthe ( http://www.0x90.org/releases/absinthe/download.php ).
There was once a tool called lilith but I don't know if it still exists.



--
Best regards,
 Adam Pal  

Wednesday, October 7, 2009, 1:57:36 AM, you wrote:

<==============Original message text===============
SR> Hey everyone,
SR> Does anyone know of any free SQL injection or XSS tools to scan a single
SR> website?  I checked out Acunetix and a few other tools, but they are
SR> pretty expensive.  Not that I don't want to support vendors who make
SR> good tools, but this project isn't going to make much $$, so free tools
SR> are our only option if we want to scan to see where we're at.

SR> Thanks in advance!



SR> Scott


<===========End of original message text===========





Re: New to Hacking .. Help !!

by Robert Larsen-2

Paul Jenkins wrote:

> I think I know where you're coming from; I'll say find some war-game
> websites. Happyhacker.org has a few links, my favorite is
> hackthissite.org. Great support forums and good information. HOWEVER do
> not do this from a "gov" system, provided they don't have the sites
> filtered (partly my fault I'm sure) further in the "game" will likely
> set off the IDS/ASIM (been there done that as well).
>
> Learn all you can,
> -Paul
>  
Hi

I created a bunch of wargames a while back. They can be downloaded from
here: http://www.the-playground.dk/pmwiki.php?n=Projects.Wargames

The site is in danish but each wargame zip file contains a README in
english.

Go nuts!




Re: Re[2]: Testing for SQL injection or Cross Site scripting

by mojorising-2

Hi.

There are a few good tools out there for finding web application
vulnerabilities and it's a good idea to run them against your sites before
someone else does. I've used and had good experience with all these
aside from Pantera and Proxmon but I understand they are also quality
tools.

ratproxy - http://code.google.com/p/ratproxy/
Paros - http://www.parosproxy.org
Nikto - http://cirt.net/nikto2
Wapiti - http://sourceforge.net/projects/wapiti/
Proxmon - http://www.isecpartners.com/proxmon.html
Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project


Also useful for creating your own attacks.
Webscarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp - http://portswigger.net/proxy/


VB, thanks for the list you sent. I'm checking that out now.


If anyone knows of more web application vulnerability scanners, I'd
definitely love to hear about them too. Finding such issues is part of
my job (I work for a web development shop) and I'm always looking for
more free/open source tools like this to ensure few/no such bugs slip
through the cracks.


Mike



On 10/10/2009, Adam Pal <pal_adam@...> wrote:

> Hello Scott,
>
> Try absinthe ( http://www.0x90.org/releases/absinthe/download.php ).
> There was once a tool called lilith but I don't know if it still exists.
>
>
>
> --
> Best regards,
>  Adam Pal
>
> Wednesday, October 7, 2009, 1:57:36 AM, you wrote:
>
> <==============Original message text===============
> SR> Hey everyone,
> SR> Does anyone know of any free SQL injection or XSS tools to scan a
> single
> SR> website?  I checked out Acunetix and a few other tools, but they are
> SR> pretty expensive.  Not that I don't want to support vendors who make
> SR> good tools, but this project isn't going to make much $$, so free tools
> SR> are our only option if we want to scan to see where we're at.
>
> SR> Thanks in advance!
>
>
>
> SR> Scott
>
>
> <===========End of original message text===========
>
>



Re: New to Hacking .. Help !!

by Peter Thomas-7

Go with these hackable test tools to start with, as suggested by John.

http://www.damnvulnerablelinux.org/
OWASP's WebGoat http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Hacme Bank, Hacme Books, Hacme Shipping etc.
http://www.foundstone.com/us/resources-free-tools.asp

Build a lab, get comfortable with Linux and VMWare Server or VirtualBox.

You could then move onto installing vulnerable apps in your lab and
exploiting them (see Milw0rm for ideas).

Finally start looking for new vulnerabilities in open source and
closed source software that you have access to.


Regards,

Peter
-------------------------------------------------
Vulnerability Assessment - Online
http://www.hackertarget.com
-------------------------------------------------


On Tue, Oct 13, 2009 at 7:31 PM, Robert Larsen <robert@...> wrote:

> Paul Jenkins wrote:
>> I think I know where you're coming from; I'll say find some war-game
>> websites. Happyhacker.org has a few links, my favorite is
>> hackthissite.org. Great support forums and good information. HOWEVER do
>> not do this from a "gov" system, provided they don't have the sites
>> filtered (partly my fault I'm sure) further in the "game" will likely
>> set off the IDS/ASIM (been there done that as well).
>>
>> Learn all you can,
>> -Paul
>>
> Hi
>
> I created a bunch of wargames a while back. They can be downloaded from
> here: http://www.the-playground.dk/pmwiki.php?n=Projects.Wargames
>
> The site is in danish but each wargame zip file contains a README in
> english.
>
> Go nuts!
>
>



Re: Re[2]: Testing for SQL injection or Cross Site scripting

by Peter Thomas-7

There is a new tool called websecurify that is in its early stages
(v0.3). It does a pretty good job for an automated one click tool,
will be one to keep an eye on.

Crawls a website and finds XSRF, XSS, SQLi etc.

http://www.websecurify.com/



Regards,

Peter
-------------------------------------------------
Vulnerability Assessment - Online
http://www.hackertarget.com
-------------------------------------------------


On Sun, Oct 11, 2009 at 7:37 AM, Adam Pal <pal_adam@...> wrote:

> Hello Scott,
>
> Try absinthe ( http://www.0x90.org/releases/absinthe/download.php ).
> There was once a tool called lilith but I don't know if it still exists.
>
>
>
> --
> Best regards,
>  Adam Pal
>
> Wednesday, October 7, 2009, 1:57:36 AM, you wrote:
>
> <==============Original message text===============
> SR> Hey everyone,
> SR> Does anyone know of any free SQL injection or XSS tools to scan a single
> SR> website?  I checked out Acunetix and a few other tools, but they are
> SR> pretty expensive.  Not that I don't want to support vendors who make
> SR> good tools, but this project isn't going to make much $$, so free tools
> SR> are our only option if we want to scan to see where we're at.
>
> SR> Thanks in advance!
>
>
>
> SR> Scott
>
>
> <===========End of original message text===========
>
>
>



RE: Re[2]: Testing for SQL injection or Cross Site scripting

by Stoughton, Brian F.

Acunetix is pretty good...

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of mojorising
Sent: Tuesday, October 13, 2009 4:50 PM
To: Adam Pal
Cc: Scott Race; security-basics@...
Subject: Re: Re[2]: Testing for SQL injection or Cross Site scripting

Hi.

There are a few good tools out there for finding web application
vulnerabilities and it's a good idea to run them against your sites before
someone else does. I've used and had good experience with all these
aside from Pantera and Proxmon but I understand they are also quality
tools.

ratproxy - http://code.google.com/p/ratproxy/
Paros - http://www.parosproxy.org
Nikto - http://cirt.net/nikto2
Wapiti - http://sourceforge.net/projects/wapiti/
Proxmon - http://www.isecpartners.com/proxmon.html
Pantera - http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project


Also useful for creating your own attacks.
Webscarab - http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp - http://portswigger.net/proxy/


VB, thanks for the list you sent. I'm checking that out now.


If anyone knows of more web application vulnerability scanners, I'd
definitely love to hear about them too. Finding such issues is part of
my job (I work for a web development shop) and I'm always looking for
more free/open source tools like this to ensure few/no such bugs slip
through the cracks.


Mike



On 10/10/2009, Adam Pal <pal_adam@...> wrote:

> Hello Scott,
>
> Try absinthe ( http://www.0x90.org/releases/absinthe/download.php ).
> There was once a tool called lilith but I don't know if it still exists.
>
>
>
> --
> Best regards,
>  Adam Pal
>
> Wednesday, October 7, 2009, 1:57:36 AM, you wrote:
>
> <==============Original message text===============
> SR> Hey everyone,
> SR> Does anyone know of any free SQL injection or XSS tools to scan a single
> SR> website?  I checked out Acunetix and a few other tools, but they are
> SR> pretty expensive.  Not that I don't want to support vendors who make
> SR> good tools, but this project isn't going to make much $$, so free tools
> SR> are our only option if we want to scan to see where we're at.
>
> SR> Thanks in advance!
>
>
>
> SR> Scott
>
>
> <===========End of original message text===========
>
>



Re: Testing for SQL injection or Cross Site scripting

by Dale Stirling

Have a look at the SamuraiWTF Live CD:
http://samurai.inguardians.com

Has great tools like w3af and BeEF. Well worth a look.

Also sslsniff and sslstrip by Moxie Marlinspike which are some great tools:
http://www.thoughtcrime.org/software.html

Also look at Mutillidae from irongeek.com
(http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10)
and Damn Vulnerable Web App
(www.ethicalhack3r.co.uk/damn-vulnerable-web-app) as these are great
testing environments for testing tools.

Dale

Also

On Thu, Oct 8, 2009 at 2:22 AM, Fabien Vincent <fabvincent@...> wrote:

> Hi Scott,
>
> Firefox + XSS ME / SQL Inject Me from SecurityCompass
>
> With these kinds of tools, you can add your own XSS / SQL Injection values/tests.
>
> Perhaps, you can check OWASP website, I don't remember if there's a
> webpage for known or useful tools.
>
> Regards,
>
> -------------------------------------------------------------------
> FV
>
>
>
> On Wed, Oct 7, 2009 at 01:57, Scott Race <scott@...> wrote:
>> Hey everyone,
>> Does anyone know of any free SQL injection or XSS tools to scan a single
>> website?  I checked out Acunetix and a few other tools, but they are
>> pretty expensive.  Not that I don't want to support vendors who make
>> good tools, but this project isn't going to make much $$, so free tools
>> are our only option if we want to scan to see where we're at.
>>
>> Thanks in advance!
>>
>>
>>
>> Scott
>>
>>
>>
>
>
>
