This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Broken Web Applications Project"

From OWASP
Jump to: navigation, search
 
(6 intermediate revisions by 4 users not shown)
Line 1: Line 1:
==== Main ====
+
=Main=
  
The Broken Web Applications Project (BWA) is an effort to provide
+
{|
a wealth of applications with known vulnerabilities for those interested in:
+
|-
 +
! width="700" align="center" | <br>
 +
! width="500" align="center" | <br>
 +
|-
 +
| align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]]
 +
| align="right" |
  
 +
|}
 +
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 +
 +
==OWASP Broken Web Applications Project==
 +
 +
OWASP Broken Web Applications Project is a collection of vulnerable web applications that is distributed on a Virtual Machine.
 +
 +
==Description==
 +
The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:
 
*learning about web application security
 
*learning about web application security
 
*testing manual assessment techniques
 
*testing manual assessment techniques
Line 11: Line 27:
 
*testing WAFs and similar code technologies
 
*testing WAFs and similar code technologies
  
all the while saving people interested in doing either learning or testing
+
All the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch.
the pain of having to compile, configure, and catalog all of the things
+
 
normally involved in doing this process from scratch.
+
This project is sponsored in part by: [[Image:AppSecDC2009-Sponsor-mandiant.gif|link=http://www.mandiant.com/]]
 +
 
 +
==Licensing==
 +
OWASP Broken Web Applications Project is free to use. Any custom code / modifications are GPLv2, but this does not override the license of each individual software package we incorporate. All software is open source.
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
== What is Broken Web Applications Project? ==
 +
 
 +
OWASP Broken Web Applications Project  provides:
 +
 
 +
* A collection of purposefully vulnerable applications to safely practice penetration testing.
 +
* A selection of tools for testing web applications.
 +
 
 +
 
 +
== Presentation ==
 +
 
 +
[http://www.owasp.org/images/f/f0/Learning_by_Breaking_A_New_Project_Insecure_Web_Apps-Chuck_Willis.ppt View]
 +
 
 +
== Project Leader ==
 +
 
 +
[mailto:[email protected] Chuck Willis]
 +
 
 +
 
 +
== Related Projects ==
 +
 
 +
 
 +
== Ohloh ==
  
<br>
 
  
We urge interested parties to join our [http://groups.google.com/group/owaspbwa Google Group] or check out our [http://code.google.com/p/owaspbwa/ Google Code Page].
+
| valign="top"  style="padding-left:25px;width:200px;" |
  
Direct Download [http://sourceforge.net/projects/owaspbwa/files/ link]
+
== Quick Download ==
  
This project is sponsored in part by [[Image:AppSecDC2009-Sponsor-mandiant.gif|link=http://www.mandiant.com/]]
+
*[http://sourceforge.net/projects/owaspbwa/files/ Download the latest release]
 +
*[https://github.com/chuckfw/owaspbwa/ GitHub Source Repository]
 +
*[https://twitter.com/owaspbwa Twitter Feed]
  
==== News ====
+
== Email List ==
  
25-Jul-2012 -- Chuck Willis demonstrates OWASP BWA at the Black Hat USA Arsenal.
+
[https://groups.google.com/forum/#!forum/owaspbwa Join the Google Group]
  
14-Jul-2012 -- OWASP Broken Web Applications version 1.0rc2 was released.
+
== News and Events ==
 +
*3-Aug-2015 -- OWASP Broken Web Applications version 1.2 was released.
 +
*27-Sep-2013 -- OWASP Broken Web Applications version 1.1.1 was released.
 +
*30-Jul-2013 -- OWASP Broken Web Applications version 1.1 was released.
 +
*25-Jul-2012 -- Chuck Willis demonstrates OWASP BWA at the Black Hat USA Arsenal.
 +
*24-Jul-2012 -- OWASP Broken Web Applications version 1.0 was released.
 +
*14-Jul-2012 -- OWASP Broken Web Applications version 1.0rc2 was released.
 +
*4-Apr-2012 -- OWASP Broken Web Applications version 1.0rc1 was released at OWASP AppSec DC.
 +
*4-Aug-2011 -- Chuck Willis demonstrates OWASP BWA at the Black Hat USA Arsenal.
 +
*24-Jul-2011 -- OWASP Broken Web Applications version 0.94 was released.
 +
*27-Jan-2011 -- Chuck Willis presents OWASP BWA at the DoD Cyber Crime Conference.
 +
*19-Jan-2011 -- OWASP Broken Web Applications version 0.93rc1 was released.
 +
*15-Nov-2010 -- OWASP Broken Web Applications version 0.92rc2 was released.
 +
*10-Nov-2010 -- OWASP Broken Web Applications version 0.92rc1 was released.
 +
*10-Nov-2010 -- Chuck Willis presents OWASP BWA at OWASP AppSec DC.
 +
*24-Mar-2010 -- OWASP Broken Web Applications version 0.91rc1 was released.
 +
*5-Feb-2010 -- Doug Wilson presents on OWASP BWA at ShmooCon in Washington DC at 6 PM
 +
*31-Jan-2010 -- We are now an "official" OWASP project, just in time for ShmooCon!
 +
*27-Jan-2010 -- Chuck Willis presents BWA at the DoD Cybercrime conference
  
4-Apr-2012 -- OWASP Broken Web Applications version 1.0rc1 was released at OWASP AppSec DC.
+
== In Print ==
  
4-Aug-2011 -- Chuck Willis demonstrates OWASP BWA at the Black Hat USA Arsenal.
 
  
24-Jul-2011 -- OWASP Broken Web Applications version 0.94 was released.
 
  
27-Jan-2011 -- Chuck Willis presents OWASP BWA at the DoD Cyber Crime Conference.
+
==Classifications==
  
19-Jan-2011 -- OWASP Broken Web Applications version 0.93rc1 was released.
+
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Midlevel projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 +
  |}
  
15-Nov-2010 -- OWASP Broken Web Applications version 0.92rc2 was released.
+
|}
  
10-Nov-2010 -- OWASP Broken Web Applications version 0.92rc1 was released.
+
=FAQs=
  
10-Nov-2010 -- Chuck Willis presents OWASP BWA at OWASP AppSec DC.
+
; Q1 (to be completed)
 +
: A1 (to be completed)
  
24-Mar-2010 -- OWASP Broken Web Applications version 0.91rc1 was released.
+
; Q2 (to be completed)
 +
: A2 (to be completed)
  
5-Feb-2010 -- Doug Wilson presents on OWASP BWA at [http://shmoocon.org ShmooCon] in Washington DC at 6 PM
+
= Acknowledgements =
 +
==Volunteers==
 +
OWASP Broken Web Applications Project is developed by a worldwide team of volunteers. The primary contributors to date have been:
  
31-Jan-2010 -- We are now an "official" OWASP project, just in time for ShmooCon!
+
* [mailto:[email protected] Doug Wilson]
 +
==Others==
 +
* (to be completed)
 +
* xxx
  
27-Jan-2010 -- Chuck Willis presents BWA at the DoD Cybercrime conference
+
= Road Map and Getting Involved =
  
 +
(to be completed)
  
==== Project Details  ====
 
  
{{:GPC_Project_Details/OWASP BWA Project | OWASP Project Identification Tab}}
 
  
 +
=Project About=
 +
{{:GPC_Project_Details/OWASP BWA Project | OWASP Project Identification Tab}} 
  
__NOTOC__ <headertabs />
+
__NOTOC__ <headertabs />  
  
[[Category:OWASPBWA]]
+
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]

Latest revision as of 02:42, 7 March 2016
OWASP Inactive Banner.jpg

OWASP Broken Web Applications Project

OWASP Broken Web Applications Project is a collection of vulnerable web applications that is distributed on a Virtual Machine.

Description

The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:

  • learning about web application security
  • testing manual assessment techniques
  • testing automated tools
  • testing source code analysis tools
  • observing web attacks
  • testing WAFs and similar code technologies

All the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch.

This project is sponsored in part by: AppSecDC2009-Sponsor-mandiant.gif

Licensing

OWASP Broken Web Applications Project is free to use. Any custom code / modifications are GPLv2, but this does not override the license of each individual software package we incorporate. All software is open source.


What is Broken Web Applications Project?

OWASP Broken Web Applications Project provides:

  • A collection of purposefully vulnerable applications to safely practice penetration testing.
  • A selection of tools for testing web applications.


Presentation

View

Project Leader

Chuck Willis


Related Projects

Ohloh

Quick Download

Email List

Join the Google Group

News and Events

  • 3-Aug-2015 -- OWASP Broken Web Applications version 1.2 was released.
  • 27-Sep-2013 -- OWASP Broken Web Applications version 1.1.1 was released.
  • 30-Jul-2013 -- OWASP Broken Web Applications version 1.1 was released.
  • 25-Jul-2012 -- Chuck Willis demonstrates OWASP BWA at the Black Hat USA Arsenal.
  • 24-Jul-2012 -- OWASP Broken Web Applications version 1.0 was released.
  • 14-Jul-2012 -- OWASP Broken Web Applications version 1.0rc2 was released.
  • 4-Apr-2012 -- OWASP Broken Web Applications version 1.0rc1 was released at OWASP AppSec DC.
  • 4-Aug-2011 -- Chuck Willis demonstrates OWASP BWA at the Black Hat USA Arsenal.
  • 24-Jul-2011 -- OWASP Broken Web Applications version 0.94 was released.
  • 27-Jan-2011 -- Chuck Willis presents OWASP BWA at the DoD Cyber Crime Conference.
  • 19-Jan-2011 -- OWASP Broken Web Applications version 0.93rc1 was released.
  • 15-Nov-2010 -- OWASP Broken Web Applications version 0.92rc2 was released.
  • 10-Nov-2010 -- OWASP Broken Web Applications version 0.92rc1 was released.
  • 10-Nov-2010 -- Chuck Willis presents OWASP BWA at OWASP AppSec DC.
  • 24-Mar-2010 -- OWASP Broken Web Applications version 0.91rc1 was released.
  • 5-Feb-2010 -- Doug Wilson presents on OWASP BWA at ShmooCon in Washington DC at 6 PM
  • 31-Jan-2010 -- We are now an "official" OWASP project, just in time for ShmooCon!
  • 27-Jan-2010 -- Chuck Willis presents BWA at the DoD Cybercrime conference

In Print

Classifications

Midlevel projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg
Q1 (to be completed)
A1 (to be completed)
Q2 (to be completed)
A2 (to be completed)

Volunteers

OWASP Broken Web Applications Project is developed by a worldwide team of volunteers. The primary contributors to date have been:

Others

  • (to be completed)
  • xxx

(to be completed)



PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP Broken Web Applications Project

Purpose: a collection of vulnerable web applications that is distributed on a Virtual Machine.

License: Any custom code / modifications are GPLv2, but this does not override the license of each individual software package we incorporate. All software is open source.

who is working on this project?
Project Leader: Chuck Willis @

Project Maintainer:

Project Contributor(s):

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: View

Mailing list: N/A

Project Roadmap: To view, click here

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Chuck Willis @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Release 1.1.1 - September 27, 2013 - (download)

Release Leader: Chuck Willis @

Release details: Main links, release roadmap and assessment

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0


Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Broken_Web_Applications_Project&oldid=210601"