[Owasp-topten] Mutillidae: A Deliberately Vulnerable Set Of PHPScripts That Implement The OWASP Top 10

Dave Wichers dave.wichers at aspectsecurity.com
Tue Mar 3 09:07:52 EST 2009


Adrian,

 

I'd encourage you to coordinate your activities with Bruce Mayhew who
runs the webgoat project. 

 

Rather than building a whole new app, maybe you could work with him to
make the lessons that are difficult, easier to understand.

 

However, the more the merrier as well so if you want to build another
vulnerable app, please do. I would still coordinate with Bruce as he
might be able to link to your application so people can see there are
other demo apps in other languages that might be more appropriate for
them.

 

Is your app going to be released open source like WebGoat?

 

Thanks, Dave

 

From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Adrian
Crenshaw
Sent: Monday, March 02, 2009 12:16 PM
To: Owasp-topten at lists.owasp.org
Subject: [Owasp-topten] Mutillidae: A Deliberately Vulnerable Set Of
PHPScripts That Implement The OWASP Top 10

 

What I'm attempting to do with Mutillidae is implement the OWASP Top 10
<http://www.owasp.org/index.php/OWASP_Top_Ten_Project>  in PHP, and do
it in such a way that it is easy to demonstrate common attacks to
others.

http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vuln
erable-php-owasp-top-10

It's something I've been working on and would love to get suggestions on
from other OWASP members. I dig WebGoat, but sometimes it's a little
hard to figure out exactly what they want you to do to exploit a given
web application. Also, WebGoat may be a little too complex to use when
introducing a web programming newbie to web application security (it's
easy to get lost in the code, especially J2EE). In an attempt to have
something to use as a demo in my videos and in class, I started the
Mutillidae project. 

Thanks,
Adrian

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-topten/attachments/20090303/cc27b9c3/attachment.html 


More information about the Owasp-topten mailing list