WebApp Sec mailing list archives

Re: [WEB SECURITY] "hack-me" Ajax apps?

From: <kurt () shopdecorum com>
Date: Wed, 16 Aug 2006 11:26:00 -0700

Jeff-

I have an AJAX-enabled version of BadStore.net that is basically ready for distribution (awaiting primarily 
documentation updates).  There is an AJAX search function that hits against a MySQL table and returns XML data through 
CGI::AJAX.

The current public version of BadStore.net is v1.2.3 and has basic WebAppSec demo capabilities.  The AJAX/Web Services 
is v2.1.x and I can email you a Beta for review and comment.  If you're interested in contributing your coding talents 
to this open-source project, that would also be encouraged and appreciated!

What AJAX hacking capabilities are you looking for???  It should be relatively easy to bake it in, as the 
infrastructure is already in place. 

-Kurt

PS - BadStore.net is a GNU-licensed open-source demo, training, and evaluation platform for WebAppSec.  It's a bootable 
distro that's distibuted as an .iso image that runs a vulnerable server/app directly or under virtualization (VMWare, 
Que, etc.) requiring only 128MB memory.  BadStore.net is LAMP (Linux Apache MySQL and Perl) and requires no 
installation - just boot and point a browser at it.  When you hack it to death, just reboot and you're back where you 
started.
-----Original Message-----

From:  "Jeff Robertson" <jeff.robertson () digitalinsight com>
Subj:  [WEB SECURITY] "hack-me" Ajax apps?
Date:  Wed Aug 16, 2006 5:13 am
Size:  480 bytes
To:  <webappsec () securityfocus com>,<websecurity () webappsec org>

Where could I find hackable, fake, Ajax application? Like webgoat, etc.,
but all Ajax?

If the answer is to "write one", I'm willing, but I'd rather not
reinvent any wheels.


----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]




-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web 
application security assessment tools by both Gartner and IDC. 
Download a free trial of AppScan today and see why more customers choose 
AppScan then any other solution. Try it today!
  
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------

Current thread:

RE: [WEB SECURITY] "hack-me" Ajax apps? Jeff Robertson (Aug 16)
- <Possible follow-ups>
- Re: [WEB SECURITY] "hack-me" Ajax apps? kurt (Aug 16)