WebApp Sec mailing list archives
Re: Need a real Java web application with vulnerabilities
From: Wagner Elias <wagner.elias () gmail com>
Date: Mon, 8 Mar 2010 10:01:15 -0300
OWASP Broken Web App Project contains WebGoat an app vulnerable in Java. http://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project#tab=Project_Details Regards 2010/3/8 Holger Peine <Holger.Peine () fh-hannover de>:
Hello, I have a student who wants to perform a mostly manual security review of some Java web application as his master's thesis work. I am well aware of pedagogical, deliberately insecure applications like Webgoat and many others. However, we need a real application for this: - Real code, since the job should create a realistic experience for the student, and the results should not be readily available in advance (as with Webgoat etc.) - Open source, so that source code review is possible, too - Containing some vulnerabilities (so that the review will not be too frustrating) - Medium-sized, to give a student (who has some beginner knowledge of web security) maybe two months of review work (the rest of his time will go into understanding web securty review and testing techniques and into writing up) - Written in Java (e.g. not PHP), since this is the only language the student is sufficiently proficient in. I was thinking that an early version of some open source application such as a CMS might be a good candidate(?) I'm hoping for your suggestions, Holger Peine -- Prof. Dr. Holger Peine FH Hannover, Fakultät IV, Abt. Informatik Tel: +49(511)9296-1830 Fax: -1810 (shared, please state my name) Ricklinger Stadtweg 120, D-30459 Hannover, Germany This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
-- Wagner Elias - OWASP Leader Project Brazil ------------------------------------------------------------------ Twitter: www.twitter.com/welias Blog: http://wagnerelias.com Profile: http://www.linkedin.com/in/wagnerelias This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Need a real Java web application with vulnerabilities Holger Peine (Mar 08)
- Re: Need a real Java web application with vulnerabilities Wagner Elias (Mar 08)
- Re: Need a real Java web application with vulnerabilities Kvetch (Mar 08)
- Re: Need a real Java web application with vulnerabilities Federico Maggi (Mar 08)
- Re: Need a real Java web application with vulnerabilities Marc-André Laverdière (Mar 08)
- Security BSides Austin - sponsors needed! Benjamin Tomhave (Mar 08)
- Message not available
- Re: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities Steve Pinkham (Mar 08)
- RE: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities Calderon, Juan Carlos (GE, Corporate, consultant) (Mar 08)
- Re: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities Steve Pinkham (Mar 08)
- Re: Need a real Java web application with vulnerabilities Morgan Reed (Mar 08)
- Re: Need a real Java web application with vulnerabilities Yu Qu (Mar 08)