WebApp Sec mailing list archives

Re: Need a real Java web application with vulnerabilities


From: "Yu Qu" <qysh123 () 163 com>
Date: Mon, 8 Mar 2010 21:22:08 +0800


Hi, Peine and others:
 
I have encountered similar problems too; my suggestion is to try googling alphabetic strings like this:
 
"sql injection vulnerability CVE site:web.nvd.nist.gov jsp"
 
I believe that some positive results can be found. I'm also looking forward to other suggestions, thx! 
 
Best wishes!
 
------------------------------------

Yu Qu

Ph.D. Candidate Student

Ministry of Education Key Lab for Intelligent Networks and Network Security, 

PO.Box 1821#, Xi'an Jiaotong University, 

No.28 West Xianning Road, Xi'an, Shaanxi Province, China 710049 

Tel: (+86)-029-82663330-817

Mail: yqu () sei xjtu edu cn

Homepage: http://nskeylab.xjtu.edu.cn/people/yuqu
 



From: Holger Peine
Sent: 2010-03-08 20:43:40
To: websecurity; webappsec
Cc:
Subject: Need a real Java web application with vulnerabilities
 
Hello,
I have a student who wants to perform a mostly manual security review
of some Java web application as his master's thesis work. I am well
aware of pedagogical, deliberately insecure applications like Webgoat
and many others. However, we need a real application for this:
- Real code, since the job should create a realistic experience for
  the student, and the results should not be readily available
  in advance (as with Webgoat etc.)
- Open source, so that source code review is possible, too
- Containing some vulnerabilities (so that the review will not be
  too frustrating)
- Medium-sized, to give a student (who has some beginner knowledge
  of web security) maybe two months of review work (the rest of his
  time will go into understanding web security review and testing
  techniques and into writing up)
- Written in Java (e.g. not PHP), since this is the only language
  the student is sufficiently proficient in.
I was thinking that an early version of some open source application
such as a CMS might be a good candidate(?)
I'm hoping for your suggestions,
Holger Peine
-- 
Prof. Dr. Holger Peine
FH Hannover, Fakultät IV, Abt. Informatik
Tel: +49(511)9296-1830  Fax: -1810 (shared, please state my name)
Ricklinger Stadtweg 120, D-30459 Hannover, Germany
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now! 
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------