[Owasp-leaders] Vulnerable XXE VM now part of Vicnum

Mordecai Kraushar mordecai.kraushar at owasp.org
Tue Mar 10 15:59:46 UTC 2015


The OWASP Vicnum Project
https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project  has been
updated to include a vulnerable XXE VM at http://xxe.sourceforge.net/

This VM was used in recent CTF events including the Breaking Bad challenge
event at APPSEC in NY in late 2013.

As will other vulnerable or broken apps the basic goal of  the project  is

   - Test web application scanners
   - Test manual attack techniques
   - Test source code analysis tools
   - Look at the code that allows the vulnerabilities
   - Test web application firewalls
   - Have a little fun.

Thanks much to Nicole Becher for all of this.

Mordecai Kraushar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20150310/c9229707/attachment.html>

More information about the OWASP-Leaders mailing list