[Owasp-leaders] Vulnerable web apps - in Docker!

psiinon psiinon at gmail.com
Fri Sep 30 12:24:37 UTC 2016


Hi Leaders,

Remember the VWAD project?
https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project
It documents lots of lovely vulnerable web apps for you to play with.

The trouble is, some of them can be a pain to install.

So I've started building up a small collection of docker images for some of
these apps, and published them here:
https://hub.docker.com/u/owaspvwad/dashboard/
We also just happen to use some of them for testing ZAP, and want to use
more ;)

I didnt want to use the OWASP DockerHub organisation as most of them wont
be OWASP projects.
Some are straight copies of instances other people have created, others
ones I've knocked up.

I like the idea of having one place people can go to find these images
rather than hunt around. I plan to link them off the VWAD page when I get
some time.

I'm not sure if the relevant OWASP projects (securityshepherd, railsgoat,
benchmark) should also be copied into that org?

Feedback and especially more vuln docker images appreciated:)

Cheers,

Simon

-- 
OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160930/f6cf4f7c/attachment.html>


More information about the OWASP-Leaders mailing list