Hi Jeremy, : I'm experimenting (on paper initially) with a technique for improving : resiliency of web applications, and to do so am looking for examples : of server side scripts (PHP, Perl, whatever) that have security : vulnerabilities, to see if the technique would work. If you have
: If there are repositories of such things, please excuse the newbie : question and point me in the right direction! There are several applications designed specifically for this: Mutillidae http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10 Foundstone's Hacme Bank and Hacme Travel http://www.foundstone.com/us/resources-free-tools.asp WebGoat http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project I believe there are more, but those are the first to come to mind. _______________________________________________ Secure Coding mailing list (SC-L) [email protected] List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
