[Owasp-leaders] Vulnerable web apps - in Docker!

Marcos Machado marcos.machado at owasp.org
Thu Oct 6 01:43:56 UTC 2016


It's nice,

Are you uploading the Dockerfile on github and set up automated build?

it's nice to share how the docker image was created and to others trust in
images (sometimes images on docker hub are unsec)

great work

Marcos Machado
OWASP Curitiba


On Fri, Sep 30, 2016 at 11:24 AM, Evin Hernandez <evin.hernandez at gmail.com>
wrote:

> We can spin these docker images up on virtual village at no cost to us .
> It has container capabilities. Let me know if you want to test a few
>
> On Fri, Sep 30, 2016 at 8:34 AM, psiinon <psiinon at gmail.com> wrote:
>
>> Arg, I should always try links in a new browser before publishing them :P
>>
>> The correct link is https://hub.docker.com/u/owaspvwad/
>>
>> Thanks for letting me know!
>>
>> On Fri, Sep 30, 2016 at 1:30 PM, Rafael Gil <rafael.gillarios at owasp.org>
>> wrote:
>>
>>> Hi,
>>>
>>> Is it me or the link is broken?
>>>
>>> Regards.
>>>
>>>
>>> On Friday, 30 September 2016, psiinon <psiinon at gmail.com> wrote:
>>>
>>>> Hi Leaders,
>>>>
>>>> Remember the VWAD project?
>>>> https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applica
>>>> tions_Directory_Project
>>>> It documents lots of lovely vulnerable web apps for you to play with.
>>>>
>>>> The trouble is, some of them can be a pain to install.
>>>>
>>>> So I've started building up a small collection of docker images for
>>>> some of these apps, and published them here:
>>>> https://hub.docker.com/u/owaspvwad/dashboard/
>>>> We also just happen to use some of them for testing ZAP, and want to
>>>> use more ;)
>>>>
>>>> I didnt want to use the OWASP DockerHub organisation as most of them
>>>> wont be OWASP projects.
>>>> Some are straight copies of instances other people have created, others
>>>> ones I've knocked up.
>>>>
>>>> I like the idea of having one place people can go to find these images
>>>> rather than hunt around. I plan to link them off the VWAD page when I get
>>>> some time.
>>>>
>>>> I'm not sure if the relevant OWASP projects (securityshepherd,
>>>> railsgoat, benchmark) should also be copied into that org?
>>>>
>>>> Feedback and especially more vuln docker images appreciated:)
>>>>
>>>> Cheers,
>>>>
>>>> Simon
>>>>
>>>> --
>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>
>>>
>>
>>
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> Thank You
>
> Evin Hernandez
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161005/6c6381be/attachment.html>


More information about the OWASP-Leaders mailing list