WebApp Sec mailing list archives
Re: Need a real Java web application with vulnerabilities
From: Marc-André Laverdière <marc-andre () atc tcs com>
Date: Mon, 08 Mar 2010 19:23:37 +0530
You can have a try at Securibench. Some of the apps in there don't run without some serious armtwisting though, but its good enough for manual review and static analysis.
Marc-André Laverdière Software Security Scientist Innovation Labs, Tata Consultancy Services Hyderabad, India On Monday 08 March 2010 02:15 PM, Holger Peine wrote:
Hello, I have a student who wants to perform a mostly manual security review of some Java web application as his master's thesis work. I am well aware of pedagogical, deliberately insecure applications like Webgoat and many others. However, we need a real application for this: - Real code, since the job should create a realistic experience for the student, and the results should not be readily available in advance (as with Webgoat etc.) - Open source, so that source code review is possible, too - Containing some vulnerabilities (so that the review will not be too frustrating) - Medium-sized, to give a student (who has some beginner knowledge of web security) maybe two months of review work (the rest of his time will go into understanding web securty review and testing techniques and into writing up) - Written in Java (e.g. not PHP), since this is the only language the student is sufficiently proficient in. I was thinking that an early version of some open source application such as a CMS might be a good candidate(?) I'm hoping for your suggestions, Holger Peine
This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE.Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
Current thread:
- Need a real Java web application with vulnerabilities Holger Peine (Mar 08)
- Re: Need a real Java web application with vulnerabilities Wagner Elias (Mar 08)
- Re: Need a real Java web application with vulnerabilities Kvetch (Mar 08)
- Re: Need a real Java web application with vulnerabilities Federico Maggi (Mar 08)
- Re: Need a real Java web application with vulnerabilities Marc-André Laverdière (Mar 08)
- Security BSides Austin - sponsors needed! Benjamin Tomhave (Mar 08)
- Message not available
- Re: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities Steve Pinkham (Mar 08)
- RE: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities Calderon, Juan Carlos (GE, Corporate, consultant) (Mar 08)
- Re: [WEB SECURITY] Re: Need a real Java web application with vulnerabilities Steve Pinkham (Mar 08)
- Re: Need a real Java web application with vulnerabilities Morgan Reed (Mar 08)
- Re: Need a real Java web application with vulnerabilities Yu Qu (Mar 08)