L’home dibuixat

Publicada la versió 1.0 del projecte OWASP Broken Web Application. Es tracta d'una màquina virtual  (en format VMware) que inclou un seguit d'aplicacions web instal·lades de forma no segura (versions antigues i/o amb vulnerabilitat conegudes), per tal que es puguin realitzar pràctiques de proves de penetració.

La màquina virtual inclou:

• Training Applications —  Applications designed for learning which guide the user to specific, intentional vulnerabilities.
  • OWASP WebGoat version 5.4+SVN (Java)
  • OWASP WebGoat.NET version 2012–07-05+GIT
  • OWASP ESAPI Java SwingSet Interactive version 1.0.1+SVN
  • Mutillidae version 2.2.3 (PHP)
  • Damn Vulnerable Web Application version 1.8+SVN (PHP)
  • Ghost (PHP)
• Realistic, Intentionally Vulnerable Applications — Applications that have a wide variety of intentional security vulnerabilities, but are designed to look and work like a real application.
  • OWASP Vicnum version 1.5 (PHP/Perl)
  • Peruggia version 1.2 (PHP)
  • Google Gruyere version 2010-07-15 (Python)
  • Backxor version 2011-04-06 (Java JSP)
  • WackoPicko version 2011–07-12+GIT (PHP)
  • BodgeIt version 1.3+SVN (Java JSP)
• Old Versions of Real Applications — Open source applications with one or more known security issues.
  •  WordPress 2.0.0 (PHP, released December 31, 2005) with plugins:
    • myGallery version 1.2
    • Spreadsheet for WordPress version 0.6
  • OrangeHRM version 2.4.2 (PHP, released May 7, 2009)
  • GetBoo version 1.04 (PHP, released April 7, 2008)
  • gtd-php version 0.7 (PHP, released September 30, 2006)
  • Yazd version 1.0 (Java, released February 20, 2002)
  • WebCalendar version 1.03 (PHP, released April 11, 2006)
  • Gallery2 version 2.1 (PHP, released March 23, 2006)
  • TikiWiki version 1.9.5 (PHP, released September 5, 2006)
  • Joomla version 1.5.15 (PHP, released November 4, 2009)
  • AWStats version 6.4 (build 1.814, Perl, released February 25,2005)
• Applications for Testing Tools — Applications designed for testing automated tools like web application security scanners.
  • OWASP ZAP-WAVE version 0.2+SVN (Java JSP)
  • WAVSEP version 1.2 (Java JSP)
  • WIVET version 3+SVN (Java JSP)
• Demonstration Pages / Small Applications — Little applications or pages with intentional vulnerabilities to demonstrate specific concepts.
  • OWASP CSRFGuard Test Application version 2.2 (Java)
  • Mandiant Struts Forms (Java/Struts)
  • Simple ASP.NET Forms (ASP.NET/C#)
  • Simple Form with DOM Cross Site Scripting (HTML/JavaScript)
• OWASP Demonstration Applications — Demonstration of an OWASP application. Does not contain any intentional vulnerabilties.
  • OWASP AppSensor Demo Application (Java)