After much development and hard work here
is the first stable (beta) release of the new Owasp SiteGenerator tool
(whose Open Source development has been sponsored by Foundstone) Owasp SiteGenerator allows the creating of dynamic websites based on XML files and predefined vulnerabilities (some simple to detect/exploit, some harder) covering multiple .Net languages and web development architectures (for example, navigation: Html, _javascript_, Flash, Java, etc...). SiteGenerator can be used on the following projects: - Evaluation of Web Application Security Scanners - Evaluation of Web Application Firewalls - Developer Training - Web Honeypots - Web Application hacking contests (or evaluations) You can read an introduction to this tool here (http://sourceforge.net/mailarchive/message.php?msg_id=14547158), and download the latest version from here:
Note that the SQL Injection vulnerabilities expect that you have the latest version of HacmeBank (v2.0) installed in your box. I am in the process of creating several videos (covering the installation and GUI) which I am sure will be very useful and practical. Also if you are interested in helping in the development of SiteGenerator or in its vulnerabilities database, then contact me directly. Best regards Dinis Cruz Owasp .Net Project www.owasp.net |
_______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php