Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: An interesting vulnerability playground to learn application vulnerabilities SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
An interesting vulnerability playground to learn application vulnerabilities

In my spare time I am teaching computer security topics in a local university. One of the activities that my students enjoy is the teaching of application security assessment and vulnerability detection.

I made my search for the applications that supported the largest possible number of vulnerabilities. As a result of the research, I began to work with the following applications:

One aspect that I did not like about these applications is that they show scenarios to fully exploit the vulnerability point, without being real and that identification scenarios for my students can be complex due to their lack of experience in the field. So I started looking for an application that was as close as possible to a real web application, which had modules that include one or more vulnerabilities. Finally I found a very interesting application called wackopicko, which poses as a real website for sharing pictures with real application modules that have the following vulnerabilities: Reflected XSS, Stored XSS vulnerability SessionID, Stored SQL Injection, Reflected SQL Injection, Directory Traversal, Multi-Step Stored XSS, Forceful Browsing, Command-line Injection, Parameter Manipulation, behind Reflected XSS JavaScript Logic Flaw, a flash behind Reflected XSS Weak form and username / password.

Do you have any other interesting vulnerability playground to share with us? Let us know.  

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

192 Posts
ISC Handler
Interestingly enough, the link to Mutillidae also links to another article with a nice list of deliberately vulnerable web apps. Check it out.
HackDefendr

65 Posts
Check out this list here:
http://www.system7.org/2009/11/05/test-your-web-pentest-skillz/

Several intentionally vulnerable web apps and distro's...
Jouser

7 Posts

Sign Up for Free or Log In to start participating in the conversation!