[Owasp-leaders] Vulnerable web apps - in Docker!

psiinon psiinon at gmail.com
Thu Oct 6 08:23:10 UTC 2016


Will definitely upload the Dockerfiles on github.
Hadnt thought of setting up automated builds, but that would be a really
good idea as well.

Thanks for those suggestions, I'll report back when done :)

Simon

On Thu, Oct 6, 2016 at 2:43 AM, Marcos Machado <marcos.machado at owasp.org>
wrote:

> It's nice,
>
> Are you uploading the Dockerfile on github and set up automated build?
>
> it's nice to share how the docker image was created and to others trust in
> images (sometimes images on docker hub are unsec)
>
> great work
>
> Marcos Machado
> OWASP Curitiba
>
>
> On Fri, Sep 30, 2016 at 11:24 AM, Evin Hernandez <evin.hernandez at gmail.com
> > wrote:
>
>> We can spin these docker images up on virtual village at no cost to us .
>> It has container capabilities. Let me know if you want to test a few
>>
>> On Fri, Sep 30, 2016 at 8:34 AM, psiinon <psiinon at gmail.com> wrote:
>>
>>> Arg, I should always try links in a new browser before publishing them :P
>>>
>>> The correct link is https://hub.docker.com/u/owaspvwad/
>>>
>>> Thanks for letting me know!
>>>
>>> On Fri, Sep 30, 2016 at 1:30 PM, Rafael Gil <rafael.gillarios at owasp.org>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Is it me or the link is broken?
>>>>
>>>> Regards.
>>>>
>>>>
>>>> On Friday, 30 September 2016, psiinon <psiinon at gmail.com> wrote:
>>>>
>>>>> Hi Leaders,
>>>>>
>>>>> Remember the VWAD project?
>>>>> https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applica
>>>>> tions_Directory_Project
>>>>> It documents lots of lovely vulnerable web apps for you to play with.
>>>>>
>>>>> The trouble is, some of them can be a pain to install.
>>>>>
>>>>> So I've started building up a small collection of docker images for
>>>>> some of these apps, and published them here:
>>>>> https://hub.docker.com/u/owaspvwad/dashboard/
>>>>> We also just happen to use some of them for testing ZAP, and want to
>>>>> use more ;)
>>>>>
>>>>> I didnt want to use the OWASP DockerHub organisation as most of them
>>>>> wont be OWASP projects.
>>>>> Some are straight copies of instances other people have created,
>>>>> others ones I've knocked up.
>>>>>
>>>>> I like the idea of having one place people can go to find these images
>>>>> rather than hunt around. I plan to link them off the VWAD page when I get
>>>>> some time.
>>>>>
>>>>> I'm not sure if the relevant OWASP projects (securityshepherd,
>>>>> railsgoat, benchmark) should also be copied into that org?
>>>>>
>>>>> Feedback and especially more vuln docker images appreciated:)
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Simon
>>>>>
>>>>> --
>>>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>>>
>>>>
>>>
>>>
>>> --
>>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> Thank You
>>
>> Evin Hernandez
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>


-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161006/325e44c9/attachment.html>


More information about the OWASP-Leaders mailing list