Secure Coding mailing list archives

Seeking vulnerable server-side scripts

From: jericho at attrition.org (security curmudgeon)
Date: Wed, 6 May 2009 17:17:19 +0000 (UTC)


: There are several applications designed specifically for this:
: 
: Mutillidae
: http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
: 
: Foundstone's Hacme Bank and Hacme Travel
: http://www.foundstone.com/us/resources-free-tools.asp
: 
: WebGoat
: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project 
: 
: 
: I believe there are more, but those are the first to come to mind.

A couple more:

Stanford SecuriBench
http://suif.stanford.edu/~livshits/securibench/

w3af's "moth"
http://sourceforge.net/project/showfiles.php?group_id=170274
http://sourceforge.net/mailarchive/forum.php?thread_name=cdfaf8b20905051759o76a0f6f1o171928dd9b1d5e30%40mail.gmail.com&forum_name=w3af-develop

Current thread:

Seeking vulnerable server-side scripts Jeremy Epstein (May 06)
- Seeking vulnerable server-side scripts Steven M. Christey (May 06)
- Seeking vulnerable server-side scripts security curmudgeon (May 06)
  - Seeking vulnerable server-side scripts security curmudgeon (May 06)
    - Seeking vulnerable server-side scripts Jim Manico (May 06)
    - Seeking vulnerable server-side scripts jrose (May 06)