[Owasp-leaders] Is there a PHP equivalent to Webgoat?

mordecai kraushar mkraushar at gmail.com
Sun Sep 6 23:29:24 EDT 2009


 There is vicnum  - some php, some mysql and mostly perl . It is a a
lightweight vulnerable web application based on a game played to kill
time.

http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project#tab=Project_Identification

mordecai kraushar





On Sat, Sep 5, 2009 at 5:01 PM, Deoscoidy
Sanchez<Deoscoidy.Sanchez at rgonline.com> wrote:
> Check the Damn Vulnerable Web App at www.dvwa.co.uk/
>
> >From their site:
> "Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn
> vulnerable. Its main goals are to be an aid for security professionals to
> test their skills and tools in a legal environment, help web developers
> better understand the processes of securing web applications and aid
> teachers/students to teach/learn web application security in a class room
> environment."
>
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Vlatko Kosturjak
> Sent: Friday, September 04, 2009 6:44 PM
> To: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] Is there a PHP equivalent to Webgoat?
>
> Actually, IronGeek has interesting list of vulnerable web applications (nice
> to check);
> http://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applic
> ations-for-learning-web-app-security
>
> Hope it helps,
>
> Adrian Crenshaw wrote:
>> This may be what you want:
>> http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vu
>> lnerable-php-owasp-top-10
>>
>> On Fri, Sep 4, 2009 at 4:30 PM, Michael Menefee <mmenefee at gmail.com
>> <mailto:mmenefee at gmail.com>> wrote:
>>
>> Although not exactly the same, there are many deliberately insecure
>> testing sites out there, like the hacme series from Foundstone:
>>
>> http://www.foundstone.com/us/resources-free-tools.asp
>> Andrew Hay wrote:
>>> I¹ve had several people ask me if such a beast exists.
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


More information about the OWASP-Leaders mailing list