[Owasp-leaders] Web Application Vulnerability Examples

psiinon psiinon at gmail.com
Wed Dec 22 08:47:46 EST 2010


Hi John,

That would be great :)

Is it available now?
I'd be happy to help with the development of it.
The examples I've done so far are all JSP based, including some using
an in-memory SQL db :)
I'd also be very interested in using it for the training courses I run!

Many thanks,

Psiinon

On Wed, Dec 22, 2010 at 1:39 PM, John Wilander <john.wilander at owasp.org> wrote:
> Hi Psiinon (and the rest)!
>
> I've been working on a joint "New Webgoat + OWASP Demo App" to use for both
> training and demos. I used it for my two talks at IBWAS last week. Maybe we
> could make it the tool you want?
> Java/jsp, Struts 2, JAX-RS, Spring, Mockito, JQuery, Maven, Jetty, IntelliJ
> CE etc. Next in line are SQL and NOSQL persistence layers.
>    /John
>
> 2010/12/22 psiinon <psiinon at gmail.com>
>>
>> Hi folks,
>>
>> As part of the development of the Zed Attack Proxy I need a simple set
>> of web pages that exhibit standard vulnerabilities.
>> I know about the example vulnerable apps like Webgoat, DVWA, Gruyere,
>> Hackme etc.
>> However these are aimed at people.
>> I want a set of web pages for regression testing ZAP, so I'd like as
>> many examples and variants as possible, ideally with just one example
>> per page.
>>
>> Do any of you know of such examples?
>>
>> If not then I'll implement them myself (I've already made a start),
>> but if anyone else wants to get involved then I'd welcome the
>> assistance :)
>>
>> I guess these examples could be useful to other projects.
>> In theory such pages could be used to test the effectiveness of
>> vulnerability scanners, although my goal is to develop a regression
>> test suite for ZAP.
>> They could also be used as a training aid. (Not sure what a specific
>> vulnerability looks like in practice? Look here...)
>> So does anyone think they should be spun off into a new OWASP project,
>> either now or potentially later?
>>
>> Many thanks,
>>
>> Psiinon
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>
> --
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
> Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
>