[WEB SECURITY] Hacme Casino v1.0
- From: <alex.smolen@xxxxxxxxxxxxxx>
- Subject: [WEB SECURITY] Hacme Casino v1.0
- Date: Thu, 24 Aug 2006 17:15:07 -0700
Announcing the new addition to the Hacme, Inc. series of Foundstone free
tools, Hacme Casino!
Hacme Casino is an online casino, built with Ruby on Rails, with plenty
of AJAX functionality. It has security vulnerabilities "baked-in", and
is meant to help educate developers and testers about web application
security in the context of new technologies.
If you are interested in the security aspects of Ruby on Rails and AJAX,
give Hacme Casino a try. It's a completely self-contained Ruby WEBrick
server and Rails application in a simple exe.
Vulnerabilities:
Blind SQL Injection
Cross-Site Request Forgery
Improper Session Management
Good, old-fashioned cheating!
Features:
Multiple Users (Login and Register)
Blackjack
Video Poker
Roulette (Coming Soon!)
http://www.foundstone.com/resources/proddesc/hacmecasino.htm
So go ahead, try your luck, see if you can break the bank at Hacme
Casino!
Alex Smolen
Hacme Casino Author
Consultant, Foundstone Professional Services
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
Brought to you by http://www.webappsec.org