On the same subject, I'm looking for something along this line (and that of hacme). However I need it to be able to: 1. Work on current MS Products 2. Store it's data to a remote database 3. Be accessible from Remote systems 4. Clean target space
Why? I need an external corporate webserver that is vulnerable for some training I'm working on. Currently we are using some hand written html and php that feeds into MSSQL. It works, but is not exciting or current. We explored the hacme, maven, webgoat (actually use it as a secondary target in the dmz), etc. But have not found anything that simulates enterprise level operation. If you would like more detail on what we are building and how, drop me a mail, I don't wish to spam the list. -Rob Floodeen On Wed, May 5, 2010 at 9:44 AM, Kenneth Van Wyk <k...@krvw.com> wrote: > The folks at Google have released some web app training, along with a > vulnerable web app sandbox to play in. The tool is called Jarlsberg. Anyone > here take a look at it yet, and have an opinion about it? > > The description (see below) sounds kinda sorta like OWASP's WebGoat, except > that the vulnerable app itself is written in Python. Oh, and the app is > available on the web, as well as in source code (under Creative Commons). > > http://jarlsberg.appspot.com/ > > There's also an instructor's guide available at: > > http://code.google.com/edu/submissions/jarlsberg/Jarlsberg_Instructor_Guide.pdf > > > Cheers, > > Ken > > ----- > Kenneth R. van Wyk > KRvW Associates, LLC > http://www.KRvW.com > > Follow us on Twitter at: http://twitter.com/KRvW_Associates > > > > > > > _______________________________________________ > Secure Coding mailing list (SC-L) SC-L@securecoding.org > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l > List charter available at - http://www.securecoding.org/list/charter.php > SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) > as a free, non-commercial service to the software security community. > Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates > _______________________________________________ > > _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
