[Owasp-leaders] Is there a PHP equivalent to Webgoat?

Deoscoidy Sanchez Deoscoidy.Sanchez at rgonline.com
Sat Sep 5 17:01:24 EDT 2009

Check the Damn Vulnerable Web App at www.dvwa.co.uk/ 

>From their site:
"Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn
vulnerable. Its main goals are to be an aid for security professionals to
test their skills and tools in a legal environment, help web developers
better understand the processes of securing web applications and aid
teachers/students to teach/learn web application security in a class room

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Vlatko Kosturjak
Sent: Friday, September 04, 2009 6:44 PM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] Is there a PHP equivalent to Webgoat?

Actually, IronGeek has interesting list of vulnerable web applications (nice
to check);

Hope it helps,

Adrian Crenshaw wrote:
> This may be what you want:
> http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vu
> lnerable-php-owasp-top-10
> On Fri, Sep 4, 2009 at 4:30 PM, Michael Menefee <mmenefee at gmail.com 
> <mailto:mmenefee at gmail.com>> wrote:
> Although not exactly the same, there are many deliberately insecure 
> testing sites out there, like the hacme series from Foundstone:
> http://www.foundstone.com/us/resources-free-tools.asp
> Andrew Hay wrote:
>> I¹ve had several people ask me if such a beast exists.
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5199 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090905/594943e5/attachment.bin 

More information about the OWASP-Leaders mailing list