Re: [WEB SECURITY] "hack-me" Ajax apps?
- From: <kurt@xxxxxxxxxxxxxxx>
- Subject: Re: [WEB SECURITY] "hack-me" Ajax apps?
- Date: Wed, 16 Aug 2006 11:26:00 -0700
Jeff-
I have an AJAX-enabled version of BadStore.net that is basically ready for distribution (awaiting primarily documentation updates). There is an AJAX search function that hits against a MySQL table and returns XML data through CGI::AJAX.
The current public version of BadStore.net is v1.2.3 and has basic WebAppSec demo capabilities. The AJAX/Web Services is v2.1.x and I can email you a Beta for review and comment. If you're interested in contributing your coding talents to this open-source project, that would also be encouraged and appreciated!
What AJAX hacking capabilities are you looking for??? It should be relatively easy to bake it in, as the infrastructure is already in place.
-Kurt
PS - BadStore.net is a GNU-licensed open-source demo, training, and evaluation platform for WebAppSec. It's a bootable distro that's distributed as an .iso image that runs a vulnerable server/app directly or under virtualization (VMWare, Que, etc.) requiring only 128MB memory. BadStore.net is LAMP (Linux Apache MySQL and Perl) and requires no installation - just boot and point a browser at it. When you hack it to death, just reboot and you're back where you started.
-----Original Message-----
From: "Jeff Robertson" <jeff.robertson@xxxxxxxxxxxxxxxxxx>
Subj: [WEB SECURITY] "hack-me" Ajax apps?
Date: Wed Aug 16, 2006 5:13 am
Size: 480 bytes
To: <webappsec@xxxxxxxxxxxxxxxxx>,<websecurity@xxxxxxxxxxxxx>
Where could I find hackable, fake, Ajax application? Like webgoat, etc.,
but all Ajax?
If the answer is to "write one", I'm willing, but I'd rather not
reinvent any wheels.
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
----------------------------------------------------------------------------
Brought to you by http://www.webappsec.org