[Owasp-leaders] Fwd: OWASP Broken Web Applications Version 1.1.1 Released

Chuck Willis chuck at securityfoundry.com
Sat Sep 28 19:27:00 UTC 2013

Good afternoon, all,

   I'm proud to announce the released of version 1.1.1 of the OWASPBWA VM.
This release is relatively minor, but there were a couple items that I
wanted to address:

- Fixed issue with Tomcat not starting in some circumstances (
http://code.google.com/p/owaspbwa/issues/detail?id=83). Thanks to the
individuals who reported this issue (that I did not experience) and
confirmed the fix.
- Updated Mutillidae and transitioned to use its new Git repository
- VM is now available for download in .ova format, which should make it
easier to use in virtualization packages other than VMware products.

   As a refresher, the changelogs for version 1.1 are included at the
bottom of this email. File names, MD5s, and sizes for this release are

OWASP_Broken_Web_Apps_VM_1.1.1.7z  MD5: 388fe51941133854c895661c7493126c
Size: 1.2 GB
OWASP_Broken_Web_Apps_VM_1.1.1.zip  MD5: 6355c7bb17ddbf03e7e8b7b36ed3124c
Size: 1.6 GB
OWASP_Broken_Web_Apps_VM_1.1.1.ova  MD5: 9e3dcc03ac8f8de2b0d02d3b8e68fd56
Size: 1.8 GB

   If you notice any issues with the VM, please let us know via the issue
tracker on Google Code (preferred -
https://code.google.com/p/owaspbwa/issues/list), email to the group here,
or email directly to me.  Also, please continue to submit (and view)
vulnerabilities at http://sourceforge.net/apps/trac/owaspbwa/report/1.


Version 1.1 - 2013-07-30
- Updated Mutillidae, Cyclone, and WAVSEP
- Updated OWASP Bricks and configured it to pull from SVN
- Fixed ModSecurity CRS blocking and rebuilt ModSecurity to include Lua
- Increased VM's RAM allocation to 1Gb
- Set Tomcat to run as root (to allow some traversal issues tested by
- Updated landing page for OWASP 1-Liner to reflect that the application is
not fully functional

Version 1.1beta1 - 2013-07-10
- Added new applications: OWASP 1-liner, OWASP RailsGoat, OWASP Bricks,
SpiderLabs "Magical Code Injection Rainbow", Cyclone
- Updated Mutillidae (name, version, and to use new SVN repository)
- Updated DVWA to new Git repository
- Added SSL support to web server
- Updated ModSecurity and updated Core Rule Set to current in Git
- Known issues:
  o ModSecurity CRS blocking does not work
  o OWASP 1-liner application appears to have functional issues (it was
heavily modified to run on the VM through Apache)
  o Other new applications have not been fully tested
  o User Guide has not been updated
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130928/656513e7/attachment.html>

More information about the OWASP-Leaders mailing list