The OWASP Broken Web Applications Project is a virtual machine containing a collection of vulnerable web applications and various tools for exploiting these vulnerabilities. The main objective of this project is to provide, in a single place, all the tools necessary for studying vulnerabilities in various web applications. It also serves for:
* Learning about web application security;
* Manual assessment techniques;
* Automated assessment techniques;
* Source code analysis tools.
This project is at release 0.91rc1, which includes the following tools and applications:
OWASP WebGoat version 5.3-SNAPSHOT (Java)
OWASP Vicnum version 1.4 (PHP/Perl)
Mutillidae version 1.3 (PHP)
Damn Vulnerable Web Application version 1.06 (PHP)
Ghost (PHP)
Peruggia version 1.2 (PHP)
OWASP CSRFGuard Test Application version 2.2 (Java)
OWASP AppSensor Demo Application (Java)
Mandiant Struts Forms (Java/Struts)
Simple ASP.NET Forms (ASP.NET/C#)
Simple Form with DOM Cross Site Scripting (HTML/JavaScript)
Old versions of real applications:
WordPress 2.0.0 (PHP, released December 31, 2005, downloaded from www.oldapps.com)
phpBB 2.0.0 (PHP, released April 4, 2002, downloaded from www.oldapps.com)
Yazd version 1.0 (Java, released February 20, 2002)
Click DOWNLOAD to download the latest version of this project.
WoW! It’s great! Big Thanks!