Friday, August 13, 2010

Vulnerable Web Applications for testing and practice

I'm working on a small presentation for web application testing. In order to get the bullet points across, I want to have an application where the students can actually try the attacks and see the results, as I find that this gets the points across more effectively than PowerPoint slides. Knowing only a handful of the more popular applications, I started searching. Google gave me more than I could imagine, and I'm listing a bunch of them here.

This first group consists of actual applications to be installed:
Vicnum
OWASP WebGoat
OWASP Insecure Web App Project
Damn Vulnerable Web App
Hacme Travel
Hacme Bank
Hacme Shipping
Hacme Casino
Hacme Books
Mutillidae
The Butterfly Project
Stanford SecuriBench
BadStore
Gruyere
WackoPicko
BodgeIt Store

Live sites (hosted on the internet):
SPI Dynamics
Cenzic
Watchfire
Acunetix (php)
Acunetix (asp)
NT Objectives

If I have missed a good one, please let me know. I haven't picked one yet; I'm still evaluating. But I'll add to the list as I hear of and try more applications.

edit: 4-19-2011 added BodgeIt Store
