I heard that http://www.twitter.com is a fun one, too. LITTERED with major vulns.
- Jim

----- Original Message -----
From: "security curmudgeon" <jeri...@attrition.org>
To: "Jeremy Epstein" <jeremy.j.epst...@gmail.com>
Cc: <SC-L@securecoding.org>
Sent: Wednesday, May 06, 2009 7:17 AM
Subject: Re: [SC-L] Seeking vulnerable server-side scripts

>
> : There are several applications designed specifically for this:
> :
> : Mutillidae
> : http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
> :
> : Foundstone's Hacme Bank and Hacme Travel
> : http://www.foundstone.com/us/resources-free-tools.asp
> :
> : WebGoat
> : http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
> :
> :
> : I believe there are more, but those are the first to come to mind.
>
> A couple more:
>
> Stanford SecuriBench
> http://suif.stanford.edu/~livshits/securibench/
>
> w3af's "moth"
> http://sourceforge.net/project/showfiles.php?group_id=170274
> http://sourceforge.net/mailarchive/forum.php?thread_name=cdfaf8b20905051759o76a0f6f1o171928dd9b1d5e30%40mail.gmail.com&forum_name=w3af-develop
>
>
> _______________________________________________
> Secure Coding mailing list (SC-L) SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
> SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
> as a free, non-commercial service to the software security community.
> _______________________________________________