[Owasp-leaders] OWASP Vulnerable Web Applications Directory Project

psiinon psiinon at gmail.com
Fri Oct 18 15:26:15 UTC 2013


Hey Jim,

The idea is that VWAD is a complete list of all vulnerable web apps (OWASP
or otherwise), so it does (of course) include BWA.

However someones requested that we maintain a copy of _all_ the apps
somewhere (
http://www.reddit.com/r/netsec/comments/1ontfx/owasp_vulnerable_web_applications_directory/
)

Could that be on the OWASP site, or part of BWA?

Suggestions on a postcard...

Simon


On Fri, Oct 18, 2013 at 4:21 PM, Jim Manico <jim.manico at owasp.org> wrote:

> Can we find some synergy with this new project and
> https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project ?
>
> Aloha,
> Jim
>
> > Hi leaders,
> >
> > I've been working with Raul to make the list of vulnerable web
> applications
> > he was maintaining on his blog (
> > http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html
> )
> > into an OWASP Project.
> >
> > The result is the OWASP Vulnerable Web Applications Directory
> > Project<
> https://www.owasp.org/index.php?title=OWASP_Vulnerable_Web_Applications_Directory_Project
> >:)
> >
> > To quote from the project description:
> >
> > "OWASP Vulnerable Web Applications Directory (VWAD) Project is a
> > comprehensive and well maintained registry of all known vulnerable web
> > applications currently available. These vulnerable web applications can
> be
> > used by web developers, security auditors and penetration testers to put
> in
> > practice their knowledge and skills during training sessions (and
> specially
> > afterwards), as well as to test at any time the multiple hacking tools
> and
> > offensive techniques available, in preparation for their next real-world
> > engagement.
> >
> > VWAD main goal is to provide a list of vulnerable web applications
> > available to security professionals for hacking and offensive activities,
> > so that they can attack realistic web environments... without going to
> > jail :)
> >
> > The vulnerable web applications have been classified in three categories:
> > On-Line, Off-Line, and VMs/ISOs. Each list has been ordered
> alphabetically.
> >
> > An initial list that inspired this project was maintained till the end on
> > 2013 at:
> > http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html
> ."
> > Please let us know if anything is wrong or missing.
> > Or even better, just update the page yourself - the project is self
> > contained on the OWASP wiki so anyone can go in and correct things.
> >
> > And let us know if you have any suggestions for ways it could be
> improved.
> >
> > Oh, and spread the word - we want it to be the top result when you search
> > for "vulnerable web applications" using your favourite search engine.
> >
> > Cheers,
> >
> > Simon
> >
> >
> >
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> >
>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131018/69f19e95/attachment.html>


More information about the OWASP-Leaders mailing list