[Owasp-leaders] Web Application Vulnerability Examples

psiinon psiinon at gmail.com
Wed Dec 22 08:32:57 EST 2010

Hi folks,

As part of the development of the Zed Attack Proxy I need a simple set
of web pages that exhibit standard vulnerabilities.
I know about the example vulnerable apps like Webgoat, DVWA, Gruyere,
Hackme etc.
However these are aimed at people.
I want a set of web pages for regression testing ZAP, so I'd like as
many examples and variants as possible, ideally with just one example
per page.

Do any of you know of such examples?

If not then I'll implement them myself (I've already made a start),
but if anyone else wants to get involved then I'd welcome the
assistance :)

I guess these examples could be useful to other projects.
In theory such pages could be used to test the effectiveness of
vulnerability scanners, although my goal is to develop a regression
test suite for ZAP.
They could also be used as a training aid. (Not sure what a specific
vulnerability looks like in practice? Look here...)
So does anyone think they should be spun of into a new OWASP project,
either now or potentially later?

Many thanks,


More information about the OWASP-Leaders mailing list