Learning by Breaking: A New Project for Insecure Web Apps
Written by Chuck Willis
Lately, I have been working on a new project that will be released at the OWASP AppSec DC Conference in November. The idea of the project is to combine a variety of vulnerable web applications on a Virtual Machine that can be used for testing web application security tools and techniques. The project will be entirely free and open source, so not only can it be expanded and extended, but it will also be useful for testing white box tools and techniques such as source code analysis tools.
So far, I have incorporated some intentionally vulnerable web applications, along with old versions of phpBB and WordPress. I plan to keep adding applications as time allows up until the conference when the first version will be released. I also hope that my talk will spur some interest and get some people to contribute additional applications. In addition to “standard” web applications, I would like to include some applications with AJAX and Adobe Flash client interfaces.
I will post again when the project is available for download. If you have a vulnerable web application you would like to see incorporated or are otherwise interested in helping out with the project, I’d love to hear from you at chuck.willis (at) mandiant (dot) com.
I also recommend that anyone interested in web application security attend the OWASP AppSec DC Conference. The conference is Thursday November 12 – Friday November 13th, looks to have a ton of great content lined up, and is very reasonably priced ($395 for two days). I speak on the first day and you can find details about my talk here.
Chuck
Reader's Comments
Awesome stuff. I’m really looking forward to this project, I think it will be of great use to the community. There are a bunch of different apps floating around out there, but there’s always the time and energy issue of pulling stuff together, especially if you want to dig into a new technology.
I look forward to helping out on this, and having a clearer schedule come later November.
Great project idea. I know of more than one instance where this would have saved a couple of hours doing this very thing.
Looking forward to the drop.