[Owasp-leaders] OWASP Vulnerable Web Applications Directory Project

Neil Smithline neil.smithline at owasp.org
Fri Oct 18 18:03:04 UTC 2013


Github does a great job at storing files...

On Friday, October 18, 2013, Raul Siles wrote:

> Hi everyone,
> That suggestion will move us a step further, as VWAD will change from
> Directory to Repository.
>
> As far as I know, the idea of maintaining a copy of all the apps cannot be
> done via Broken Web Applications (BWA), as some of them are targeted to
> other platforms (e.g. Windows) or are VMs or ISOs in and out themselves.
>
> The point is to decide if OWASP is interested on storing a copy of all the
> apps in case the original disappear? Please, let us know.
>
> Cheers,
> --
> Raul
>
>
> On Oct 18, 2013, at 5:26 PM, psiinon <psiinon at gmail.com> wrote:
>
> > Hey Jim,
> >
> > The idea is that VWAD is a complete list of all vulnerable web apps
> (OWASP or otherwise), so it does (of course) include BWA.
> >
> > However someones requested that we maintain a copy of _all_ the apps
> somewhere (
> http://www.reddit.com/r/netsec/comments/1ontfx/owasp_vulnerable_web_applications_directory/
> )
> >
> > Could that be on the OWASP site, or part of BWA?
> >
> > Suggestions on a postcard...
> >
> > Simon
> >
> >
> > On Fri, Oct 18, 2013 at 4:21 PM, Jim Manico <jim.manico at owasp.org>
> wrote:
> > Can we find some synergy with this new project and
> https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project ?
> >
> > Aloha,
> > Jim
> >
> > > Hi leaders,
> > >
> > > I've been working with Raul to make the list of vulnerable web
> applications
> > > he was maintaining on his blog (
> > >
> http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html)
> > > into an OWASP Project.
> > >
> > > The result is the OWASP Vulnerable Web Applications Directory
> > > Project<
> https://www.owasp.org/index.php?title=OWASP_Vulnerable_Web_Applications_Directory_Project
> >:)
> > >
> > > To quote from the project description:
> > >
> > > "OWASP Vulnerable Web Applications Directory (VWAD) Project is a
> > > comprehensive and well maintained registry of all known vulnerable web
> > > applications currently available. These vulnerable web applications
> can be
> > > used by web developers, security auditors and penetration testers to
> put in
> > > practice their knowledge and skills during training sessions (and
> specially
> > > afterwards), as well as to test at any time the multiple hacking tools
> and
> > > offensive techniques available, in preparation for their next
> real-world
> > > engagement.
> > >
> > > VWAD main goal is to provide a list of vulnerable web applications
> > > available to security professionals for hacking and offensive
> activities,
> > > so that they can attack realistic web environments... without going to
> > > jail :)
> > >
> > > The vulnerable web applications have been classified in three
> categories:
> > > On-Line, Off-Line, and VMs/ISOs. Each list has been ordered
> alphabetically.
> > >
> > > An initial list that inspired this project was maintained till the end
> on
> > > 2013 at:
> > >
> http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html."
> > > Please let us know if anything is wrong or missing.
> > > Or even better, just update the page yourself - the project is self
> > > contained on the OWASP wiki so anyone can go in and correct things.
> > >
> > > And let us know if you have any suggestions for ways it could be
> improved.
> > >
> > > Oh, and spread the word - we want it to be the top result when you
> search
> > > for "vulnerable web applications" using your favourite search engine.
> > >
> > > Cheers,
> > >
> > > Simon
> > >
> > >
> > >
> > > _______________________________________________
> > > OWASP-Leaders mailing list
> > > OWASP-Leaders at lists.owasp.org
> > > https://lists.owasp.org/mailman/listinfo/owasp-leaders
> > >
> >
> >
> >
> >
> > --
> > OWASP ZAP Project leader
> > _______________________________________________
> > OWASP-Leaders mailing list
> > OWASP-Leaders at lists.owasp.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131018/e2942f50/attachment-0001.html>


More information about the OWASP-Leaders mailing list