Greetings,
I'm experimenting (on paper initially) with a technique for improving
resiliency of web applications, and to do so am looking for examples
of server side scripts (PHP, Perl, whatever) that have security
vulnerabilities, to see if the technique would work. If you have
scripts you'd be
: There are several applications designed specifically for this:
:
: Mutillidae
:
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
:
: Foundstone's Hacme Bank and Hacme Travel
: http://www.foundstone.com/us/resources-free-tools.asp
:
: WebGoat
:
Does anyone know of a source of insecure Java snippets? I would like
to get some for a monthly meeting of leading technical people. My
idea was to have a find the bug like the old C-Lint ads.
Does anyone know of a source of something like this.
Brad
Hi Jeremy,
: I'm experimenting (on paper initially) with a technique for improving
: resiliency of web applications, and to do so am looking for examples
: of server side scripts (PHP, Perl, whatever) that have security
: vulnerabilities, to see if the technique would work. If you have
: If
Jeremy,
CVE is littered with these kinds of issues, for PHP especially. The
scripts are often open source, fully-functional packages that just happen
to have lots of security issues. Sometimes the root cause is buried
fairly deep in the code, but the people who find these bugs often care
only
We keep a big catalog here:
http://www.fortify.com/vulncat
On 5/6/09 10:41 AM, Brad Andrews andr...@rbacomm.com wrote:
Does anyone know of a source of insecure Java snippets? I would like
to get some for a monthly meeting of leading technical people. My
idea was to have a find