This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "AltoroMutual"
Dinis.cruz (talk | contribs) (Created page with 'AltoroMutual is an vulnerable-by-design web application created by WatchFire (now AppScan Standard) as a demo test application for their BlackBox Scanner. ===URL=== The AltoroMu…') |
m (Spelling Mistake) (Tag: Visual edit) |
||
(4 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
+ | __TOC__ | ||
+ | |||
AltoroMutual is an vulnerable-by-design web application created by WatchFire (now AppScan Standard) as a demo test application for their BlackBox Scanner. | AltoroMutual is an vulnerable-by-design web application created by WatchFire (now AppScan Standard) as a demo test application for their BlackBox Scanner. | ||
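Review bot: the unchanged opening sentence in this hunk still reads "an vulnerable-by-design" on both sides of the diff. Since the latest edit is described as a spelling fix, correct it to "a vulnerable-by-design" in the same pass.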
Line 5: | Line 7: | ||
===Source Code=== | ===Source Code=== | ||
− | The C# source code for AltoroMutual is currently not publicly | + | The C# source code for AltoroMutual is currently not publicly available. |
===Vulnerabilties=== | ===Vulnerabilties=== | ||
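Review bot: the context heading `===Vulnerabilties===` directly below the corrected Source Code sentence is still misspelled on both sides. Rename it to `===Vulnerabilities===` so the heading and the generated table of contents entry are spelled correctly.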
Line 17: | Line 19: | ||
* http://parsonsisconsulting.wordpress.com/2010/11/25/sql-injection-with-02-and-google-database-plugin/ | * http://parsonsisconsulting.wordpress.com/2010/11/25/sql-injection-with-02-and-google-database-plugin/ | ||
* http://parsonsisconsulting.wordpress.com/2010/11/24/the-power-of-02-scripting/ | * http://parsonsisconsulting.wordpress.com/2010/11/24/the-power-of-02-scripting/ | ||
+ | |||
+ | [[Category:OWASP O2 Platform]] |
Latest revision as of 18:29, 15 November 2018
AltoroMutual is a vulnerable-by-design web application created by WatchFire (now AppScan Standard) as a demo test application for their BlackBox Scanner.
URL
The AltoroMutual web application can be reached at http://demo.testfire.net/ and is commonly used to test BlackBox Scanners (IBM's AppScan Standard Evaluation version is hard-coded to only allow this website).
Source Code
The C# source code for AltoroMutual is currently not publicly available.
Vulnerabilities
There are a number of vulnerabilities (as described in the OWASP Top 10) in this application.
The objective of this wiki page is to provide a detailed explanation of their exploit vectors and how the application could be protected (WAF or code changes).
External resources
Here are a number of resources that map the current vulnerabilities in AltoroMutual: