Secure Coding mailing list archives
Seeking vulnerable server-side scripts
From: jericho at attrition.org (security curmudgeon)
Date: Wed, 6 May 2009 17:08:47 +0000 (UTC)
Hi Jeremy, : I'm experimenting (on paper initially) with a technique for improving : resiliency of web applications, and to do so am looking for examples : of server side scripts (PHP, Perl, whatever) that have security : vulnerabilities, to see if the technique would work. If you have : If there are repositories of such things, please excuse the newbie : question and point me in the right direction! There are several applications designed specifically for this: Mutillidae http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 Foundstone's Hacme Bank and Hacme Travel http://www.foundstone.com/us/resources-free-tools.asp WebGoat http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project I believe there are more, but those are the first to come to mind.
Current thread:
- Seeking vulnerable server-side scripts Jeremy Epstein (May 06)
- Seeking vulnerable server-side scripts Steven M. Christey (May 06)
- Seeking vulnerable server-side scripts security curmudgeon (May 06)
- Seeking vulnerable server-side scripts security curmudgeon (May 06)
- Seeking vulnerable server-side scripts Jim Manico (May 06)
- Seeking vulnerable server-side scripts jrose (May 06)
- Seeking vulnerable server-side scripts security curmudgeon (May 06)