Foundstone Security (now part of McAfee) built a CF app some years ago called HackMe as an educational tool of what not to do. Looks like it's still available here:
http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx

It was written for CF7 but it should still be suitable for your purposes.

-Cameron

On Fri, Jun 1, 2012 at 10:58 AM, <[email protected]> wrote:

> Greetings:
>
> I need some examples of insecure CF to use as a test bed against Fortify. I
> want to verify that the Fortify rule pack will flag offending code that
> allows SQL Injections and Cross-site scripting, etc. I could sit down and
> write a bunch of insecure code examples - but I'm hoping I can grab some
> from the web. (Not to mention there are more attacks than I can think of!)
>

--
Cameron Childress
--
p: 678.637.5072
im: cameroncf
facebook <http://www.facebook.com/cameroncf> | twitter <http://twitter.com/cameronc> | google+ <https://profiles.google.com/u/0/117829379451708140985>
