[Owasp-o2-platform] Forking HacmeBank at OWASP

dinis cruz dinis.cruz at owasp.org
Mon Aug 30 07:09:02 EDT 2010


Hi OWASP Dotnet and O2 crowds

I recently published a version of HacmeBank created a while back and am now
making it an OWASP project (this already had a number of modifications from
the original Foundstone's version). You can get the current version at
http://code.google.com/p/owasp-hacmebank/ ,
http://code.google.com/p/owasp-hacmebank/downloads/list ,
http://code.google.com/p/owasp-hacmebank/source/browse/#svn/trunk/HacmeBank_v2.0%20%287%20Dec%2008%29
(if you haven't seen HacmeBank Sql Database Explorer
<http://code.google.com/p/owasp-hacmebank/source/browse/#svn/trunk/HacmeBank_v2.0%20%287%20Dec%2008%29/SqlInjection_DatabaseExplorer>
which is included in this version, it is worth a look since it is a very
strong demo of the power of SQL Injection)

Here are some ideas for the next steps:

   - upgrade this version to the latest version of .NET (4.0)
   - make parts of it run under ASP.NET MVC framework
   - remove the dependency of SQL server (maybe FireBird
   <http://www.o2platform.com/wiki/AppSscan_7.9_-_Results_Viewer_%28FireBird_Database%29.h2>
   or a Mocking API like Moq <http://www.o2platform.com/wiki/O2_API/Moq> )
   - write the unit tests for both BlackBox and WhiteBox findings (at the
   moment this can be done using O2)
   - use these unit tests to create a 'fixed' version of HacmeBank
   - add a number of new vulnerabilities

Btw, to really make this into an OWASP project we need a leader for it that
is going to take over its development :)

Dinis Cruz