Secure Coding mailing list archives

Seeking vulnerable server-side scripts


From: jim at manico.net (Jim Manico)
Date: Wed, 6 May 2009 08:25:36 -1000

I heard that http://www.twitter.com is a fun one, too. LITTERED with major 
vulns.

- Jim

----- Original Message ----- 
From: "security curmudgeon" <jericho at attrition.org>
To: "Jeremy Epstein" <jeremy.j.epstein at gmail.com>
Cc: <SC-L at securecoding.org>
Sent: Wednesday, May 06, 2009 7:17 AM
Subject: Re: [SC-L] Seeking vulnerable server-side scripts



: There are several applications designed specifically for this:
:
: Mutillidae
: http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
:
: Foundstone's Hacme Bank and Hacme Travel
: http://www.foundstone.com/us/resources-free-tools.asp
:
: WebGoat
: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
:
:
: I believe there are more, but those are the first to come to mind.

A couple more:

Stanford SecuriBench
http://suif.stanford.edu/~livshits/securibench/

w3af's "moth"
http://sourceforge.net/project/showfiles.php?group_id=170274
http://sourceforge.net/mailarchive/forum.php?thread_name=cdfaf8b20905051759o76a0f6f1o171928dd9b1d5e30%40mail.gmail.com&forum_name=w3af-develop


_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - 
http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________



