[Owasp-leaders] Web Application Vulnerability Examples

eric sheridan eric.sheridan at owasp.org
Wed Dec 22 09:02:40 EST 2010


John,

I'd be interested in this application as well. We really need a modern
WebGoat replacement - something using technologies from within the past 5
years :)

Is your application 'exercise' based? Open source? Is it at a point where
you could have contributors?

-Eric

On Wed, Dec 22, 2010 at 8:47 AM, psiinon <psiinon at gmail.com> wrote:

> Hi John,
>
> That would be great :)
>
> Is it available now?
> I'd be happy to help with the development of it.
> The examples I've done so far are all JSP based, including some using
> an in-memory SQL db :)
> I'd also be very interested in using it for the training courses I run!
>
> Many thanks,
>
> Psiinon
>
> On Wed, Dec 22, 2010 at 1:39 PM, John Wilander <john.wilander at owasp.org>
> wrote:
> > Hi Psiinon (and the rest)!
> >
> > I've been working on a joint "New Webgoat + OWASP Demo App" to use for both
> > training and demos. I used it for my two talks at IBWAS last week. Maybe we
> > could make it the tool you want?
> > Java/jsp, Struts 2, JAX-RS, Spring, Mockito, JQuery, Maven, Jetty, IntelliJ
> > CE etc. Next in line are SQL and NOSQL persistence layers.
> >    /John
> >
> > 2010/12/22 psiinon <psiinon at gmail.com>
> >>
> >> Hi folks,
> >>
> >> As part of the development of the Zed Attack Proxy I need a simple set
> >> of web pages that exhibit standard vulnerabilities.
> >> I know about the example vulnerable apps like Webgoat, DVWA, Gruyere,
> >> Hackme etc.
> >> However these are aimed at people.
> >> I want a set of web pages for regression testing ZAP, so I'd like as
> >> many examples and variants as possible, ideally with just one example
> >> per page.
> >>
> >> Do any of you know of such examples?
> >>
> >> If not then I'll implement them myself (I've already made a start),
> >> but if anyone else wants to get involved then I'd welcome the
> >> assistance :)
> >>
> >> I guess these examples could be useful to other projects.
> >> In theory such pages could be used to test the effectiveness of
> >> vulnerability scanners, although my goal is to develop a regression
> >> test suite for ZAP.
> >> They could also be used as a training aid. (Not sure what a specific
> >> vulnerability looks like in practice? Look here...)
> >> So does anyone think they should be spun off into a new OWASP project,
> >> either now or potentially later?
> >>
> >> Many thanks,
> >>
> >> Psiinon
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> >
> >
> > --
> > John Wilander, https://twitter.com/johnwilander
> > Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
> > Co-organizer Global Summit, http://www.owasp.org/index.php/Summit_2011
> > Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee
> >