[Owasp-topten] Mutillidae: A Deliberately Vulnerable Set Of PHPScripts That Implement The OWASP Top 10

Adrian Crenshaw irongeek at irongeek.com
Tue Mar 3 09:23:55 EST 2009


Yes, it's open source. I consider it "PHP License v3.01", though I need to
add that to the code/information someplace.

Adrian

On Tue, Mar 3, 2009 at 9:07 AM, Dave Wichers <dave.wichers at aspectsecurity.com> wrote:

> Adrian,
>
> I’d encourage you to coordinate your activities with Bruce Mayhew who runs
> the webgoat project.
>
> Rather than building a whole new app, maybe you could work with him to make
> the lessons that are difficult, easier to understand.
>
> However, the more the merrier as well so if you want to build another
> vulnerable app, please do. I would still coordinate with Bruce as he might
> be able to link to your application so people can see there are other demo
> apps in other languages that might be more appropriate for them.
>
> Is your app going to be released open source like WebGoat?
>
> Thanks, Dave
>
> *From:* owasp-topten-bounces at lists.owasp.org [mailto:owasp-topten-bounces at lists.owasp.org] *On Behalf Of* Adrian Crenshaw
> *Sent:* Monday, March 02, 2009 12:16 PM
> *To:* Owasp-topten at lists.owasp.org
> *Subject:* [Owasp-topten] Mutillidae: A Deliberately Vulnerable Set Of
> PHPScripts That Implement The OWASP Top 10
>
> What I'm attempting to do with Mutillidae is implement the OWASP Top 10
> <http://www.owasp.org/index.php/OWASP_Top_Ten_Project> in PHP, and do it
> in such a way that it is easy to demonstrate common attacks to others.
>
> http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
>
> It's something I've been working on and would love to get suggestions on
> from other OWASP members. I dig WebGoat, but sometimes it's a little hard to
> figure out exactly what they want you to do to exploit a given web
> application. Also, WebGoat may be a little too complex to use when
> introducing a web programming newbie to web application security (it's easy
> to get lost in the code, especially J2EE). In an attempt to have something
> to use as a demo in my videos and in class, I started the Mutillidae
> project.
>
> Thanks,
> Adrian
>