[Owasp-leaders] Web Application Vulnerability Examples

Stephen de Vries stephen at twisteddelight.org
Thu Dec 23 05:02:53 EST 2010


On Dec 23, 2010, at 10:25 AM, Chris Weber wrote:

> I created a set of pages for regression testing our Watcher passive scanner.  It's kind of embarrassing in its simplicity

It's beautiful in its simplicity :) This is exactly the type of web app that would be very useful for scanners.  Any chance of opening it up - or do you accept submission of new test cases?

Stephen

> 
> 
> On Dec 22, 2010, at 5:33 AM, "psiinon" <psiinon at gmail.com> wrote:
> 
>> Hi folks,
>> 
>> As part of the development of the Zed Attack Proxy I need a simple set
>> of web pages that exhibit standard vulnerabilities.
>> I know about the example vulnerable apps like Webgoat, DVWA, Gruyere,
>> Hackme etc.
>> However these are aimed at people.
>> I want a set of web pages for regression testing ZAP, so I'd like as
>> many examples and variants as possible, ideally with just one example
>> per page.
>> 
>> Do any of you know of such examples?
>> 
>> If not then I'll implement them myself (I've already made a start),
>> but if anyone else wants to get involved then I'd welcome the
>> assistance :)
>> 
>> I guess these examples could be useful to other projects.
>> In theory such pages could be used to test the effectiveness of
>> vulnerability scanners, although my goal is to develop a regression
>> test suite for ZAP.
>> They could also be used as a training aid. (Not sure what a specific
>> vulnerability looks like in practice? Look here...)
>> So does anyone think they should be spun off into a new OWASP project,
>> either now or potentially later?
>> 
>> Many thanks,
>> 
>> Psiinon
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>> 


