[Owasp-leaders] webapps for security training

psiinon psiinon at gmail.com
Mon Jun 25 14:46:09 UTC 2012


You tried the Bodge It Store?
http://code.google.com/p/bodgeit/

Looks like a real world app (if not very pretty) and is easy to install.
I created it for some 'intro to pentesting' courses I ran a while ago, so
its suitable for beginners but not hard core security pros!

Cheers,

Simon

On Mon, Jun 25, 2012 at 3:38 PM, Antonio Fontes <antonio.fontes at owasp.org>wrote:

> Jerry,
>
> No, any language is welcome.
>
> The "filter" is rather based on what you'd call the real-world feel
> (like the Hacme* apps we had some years ago).
>
> I gave a training on Gruyere a few days ago and it was an interesting
> case: some could grasp the technical aspects of the application but most
> of the students were a bit stuck in front of it just because didn't
> understand what it was actually doing.
>
> Understanding the technical aspect of the attack was easy but making it
> obvious for the student what is actually happening on a business
> perspective seems a bit harder if you don't have a good app to work on.
>
> (thanks for the reply)
> Antonio
>
>
> On 25.06.2012 16:24, Jerry Hoff wrote:
> > Antonio,
> >
> > Are you looking for a particular language?  I'm about to do a major push
> > for WebGoat.NET - and I've built in both lessons and a sample
> > application to give more of a real-world feel.
> >
> > Jerry
> >
> > On 6/25/12 9:19 AM, Antonio Fontes wrote:
> >> Hello leaders,
> >>
> >> Any pointers to *recent* open source web applications that you
> >> successfully integrated (or believe they would integrate) well in a
> >> secure coding training? Any technologies are welcomed, and not
> >> necessarily "security-oriented" apps like Webgoat.
> >>
> >> Antonio
> >>
> >>
> >> --
> >> OWASP Switzerland, board member
> >> OWASP Geneva, chapter leader
> >>   skype: antonio.fontes
> >>
> >> _______________________________________________
> >> OWASP-Leaders mailing list
> >> OWASP-Leaders at lists.owasp.org
> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>



-- 
OWASP ZAP: Toolsmith Tool of the Year
2011<http://holisticinfosec.blogspot.com/2012/02/2011-toolsmith-tool-of-year-owasp-zap.html>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120625/2f9cfe31/attachment.html>


More information about the OWASP-Leaders mailing list