MasterBugs Released

["Gerald Quakenbush" <geraldq () mastermindsecuritygroup com>]

MasterBugs is a GNU-licensed application that is written in legacy ASP scripts
with a Microsoft SQL Server backend. I developed it for use in a appsec
training program that I do and recently got enough of it re-written so it can
be open-sourced.

It is similar in purpose to WebGoat and Hacme Bank. Originally, the program
was a proof-of-concept program for a project that never grew legs. That
original version was written back in 96 and used some concepts similar to
AJAX. These concepts bring about some interesting security issues all their
own.

Here's the site:
http://www.quakenbush.com

At this point, I haven't published a list of vulnerabilities in the
application, so if you try it out, keep track of all the issues you find and
when I get the list put together you will have something to compare it to.

Thanks,

-Gerald

---------------------------------------
Gerald Quakenbush
Author of Web Hacker Boot Camp
http://www.quakenbush.com


-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire named worldwide market share leader in web application security 
assessment by leading market research firm. Watchfire's AppScan is the 
industry's first and leading web application security testing suite, and 
the only solution to provide comprehensive remediation tasks at every 
level of the application. See for yourself. 
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007t9c
--------------------------------------------------------------------------