[ OWASP - Montreal ] Vulnerable website/livecd/vmware image for training purpose?

Philippe Blondin blondin.philippe at gmail.com
Sat Feb 28 10:49:28 EST 2009 

Here is another one ==> http://www.badstore.net/

BadStore.net contains the following security vulnerabilities:
 
Cross Site Scripting (XSS)
SQL Injection
Command Injection
Cookie/Session Poisoning
Parameter/Form Tampering
Buffer Overflow
Directory Traversal/Forceful Browsing
Cookie Snooping
Log Tampering
Error Message Interception
Denial of Service
 … and more!

Laurent Desaulniers wrote:
>
> Otherwise, you can try the "hackme" series from foundstone. Stuff like
> hackme casino and all.. it is a bit harder than webgoat.
>
>
>
> On Fri, Feb 27, 2009 at 9:23 PM, Benoit Guerette
> <benoit.guerette at gmail.com <mailto:benoit.guerette at gmail.com>> wrote:
>
>     Thanks Philippe! It it very simple to use, and have both webapp and
>     network/system vulnerabilities.
>
>     I used in with vmware player, using a dumb vmx file to load up the
>     iso file.
>
>
>
>     > Hey,
>     >
>     > I just found this Linux distro today. It's called
>     "damnvulnerablelinux",
>     > here's the website : http://www.damnvulnerablelinux.org/
>     >
>     > Haven't got the chance to try it out yet, but i'll surely do
>     when i have
>     > some time.
>     >
>     > --
>     > http://www.owasp.org/index.php/Montreal
>     >
>     _______________________________________________
>     Owasp-montreal mailing list
>     Owasp-montreal at lists.owasp.org <mailto:Owasp-montreal at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-montreal
>
>
>
>
> -- 
> *CONFIDENTIALITÉ* L'information apparaissant dans ce message
> électronique est de nature légalement privilégiée et confidentielle.
> Si ce message vous est parvenu par erreur et que vous n'êtes pas le
> destinataire visé, vous êtes par les présentes avisé que tout usage,
> copie ou distribution de ce message est strictement interdit. Vous
> êtes donc prié de nous informer immédiatement de cette erreur et de
> détruire ce message.
>
>
>
> *CONFIDENTIALITY* The information in this message is legally
> privileged and confidential. In the event of a transmission error and
> if you are not the individual or entity mentioned above, you are
> hereby advised that any use, copying or reproduction of this document
> is strictly forbidden. Please advise us of this error and destroy this
> message.


-- 
http://www.owasp.org/index.php/Montreal 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: blondin_philippe.vcf
Type: text/x-vcard
Size: 202 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-montreal/attachments/20090228/0484432c/attachment.vcf

More information about the Owasp-montreal mailing list