[Owasp-leaders] Is there a PHP equivalent to Webgoat?

Mike Boberski mike.boberski at gmail.com
Sun Sep 6 23:39:34 EDT 2009


Related, if folks are interested in either the status or contributing to the
PHP ESAPI port, please contact me at mike.boberski at owasp.org

Mike


On Sun, Sep 6, 2009 at 11:29 PM, mordecai kraushar <mkraushar at gmail.com>wrote:

>  There is vicnum  - some php, some mysql and mostly perl . It is a a
> lightweight vulnerable web application based on a game played to kill
> time.
>
>
> http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project#tab=Project_Identification
>
> mordecai kraushar
>
>
>
>
>
> On Sat, Sep 5, 2009 at 5:01 PM, Deoscoidy
> Sanchez<Deoscoidy.Sanchez at rgonline.com> wrote:
> > Check the Damn Vulnerable Web App at www.dvwa.co.uk/
> >
> > >From their site:
> > "Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is
> damn
> > vulnerable. Its main goals are to be an aid for security professionals to
> > test their skills and tools in a legal environment, help web developers
> > better understand the processes of securing web applications and aid
> > teachers/students to teach/learn web application security in a class room
> > environment."
> >
> > -----Original Message-----
> > From: owasp-leaders-bounces at lists.owasp.org
> > [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Vlatko
> Kosturjak
> > Sent: Friday, September 04, 2009 6:44 PM
> > To: owasp-leaders at lists.owasp.org
> > Subject: Re: [Owasp-leaders] Is there a PHP equivalent to Webgoat?
> >
> > Actually, IronGeek has interesting list of vulnerable web applications
> (nice
> > to check);
> >
> http://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applic
> > ations-for-learning-web-app-security
> >
> > Hope it helps,
> >
> > Adrian Crenshaw wrote:
> >> This may be what you want:
> >> http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vu
> >> lnerable-php-owasp-top-10
> >>
> >> On Fri, Sep 4, 2009 at 4:30 PM, Michael Menefee <mmenefee at gmail.com
> >> <mailto:mmenefee at gmail.com>> wrote:
> >>
> >> Although not exactly the same, there are many deliberately insecure
> >> testing sites out there, like the hacme series from Foundstone:
> >>
> >> http://www.foundstone.com/us/resources-free-tools.asp
> >> Andrew Hay wrote:
> >>> I¹ve had several people ask me if such a beast exists.
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090906/fb1496d3/attachment.html 


More information about the OWASP-Leaders mailing list