WebApp Sec mailing list archives
OWASP WebGoat release WebMaven v1.0
From: bill <bill () owasp org>
Date: Thu, 24 Oct 2002 14:19:14 -0700 (PST)
------------------------------------------------------

The OWASP WebGoat 'blame it on the goat' project team are pleased to release Version 1.0 of WebMaven.

WebMaven is an intentionally broken web application. It is intended to be used in a safe legal environment (your own host) as a training tool, as a basic benchmark platform to test web application security scanners and as a HoneyPot. The current incarnation is a simple Perl CGI from which you can add your own HTML front-end. Example vulnerabilities include XSS, SQL injection and parameter tampering.

The original code was developed by David Roades of MavenSecurity and many thanks go to Steve Taylor for the extra hours he has put into the project to ensure that it works with Apache on both Linux and Win32 environments.

You can download the files in a zip or tar.gz file from the OWASP project page:

http://www.owasp.org/webgoat/

The work is not done yet though. Version 1 is really the proof of concept! There is a limited set of vulnerabilities. We are immediately starting building V2 in Java or PHP and will look at a much more functional release early next year. More vulnerabilities, easier benchmarking results, maybe even "plug and pray" holes {tm} ;-). If you want to join the project team and can offer some regular development time, please contact William Hau (bill () owasp org) with a quick note of your coding skills and time you can commit.

One key output from this project will be to eventually start benchmarking commercial and open source app scanners on the market today. If you use a commercial or open source tool and want to share your results, send them to bill () owasp org so we can collate them into a benchmark database. We were pretty shocked from our own internal tests!

In the meanwhile enjoy and remember that it is an intentionally insecure application. Do not deploy on systems you don't want compromised!

Look out for lots more OWASP development projects popping in http-land near you soon!

Enjoy!

OWASP WebGoat
-----------------------------------------------------