Cameron: Perfect. I tried to do a Google search on "Hackme" (that was all I could remember about the project) and I got a lot of weird hits. This was what I was looking for. Thanks!
Sincerely,
Brooks

ADS develops & supports effective, efficient and secure software solutions
------------------------------------------------------------------------------
Federal Reserve Bank of Atlanta ∙ Application Delivery Services
1000 Peachtree Street NE ∙ Atlanta, Georgia ∙ 30309-4470
404-498-8178

From: Cameron Childress <[email protected]>
To: [email protected]
Date: 06/01/2012 11:12 AM
Subject: Re: [ACFUG Discuss] Fortify CF Test Bed
Sent by: [email protected]

Foundstone Security (now part of McAfee) built a CF app some years ago called HackMe as an educational tool of what not to do. Looks like it's still available here:

http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx

It was written for CF7 but it should still be suitable for your purposes.

-Cameron

On Fri, Jun 1, 2012 at 10:58 AM, <[email protected]> wrote:

Greetings:

I need some examples of insecure CF to use as test bed against Fortify. I want to verify that the Fortify rule pack will flag offending code that allows SQL Injections and Cross-site scripting, etc. I could sit down and write a bunch of insecure code examples - but I'm hoping I can grab some from the web. (Not to mention there are more attacks than I can think of!)

--
Cameron Childress
--
p: 678.637.5072
im: cameroncf
facebook | twitter | google+
