This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP Faux Bank Project
OWASP Faux Bank is a real-world type system with all 10 of OWASPs top 10 vulnerabilities implemented. The idea behind this project is to have a website with vulnerabilities that developers can play with an exploit, and then view the source code to see the site is vulnerable. OWASP Faux Bank also features a "secure mode", which prevents exploits, so that developers can also see how these vulnerabilities can be prevented within web applications.
The full source code is available from GitHub at: github.com/thatcoderguy/owasp-faux-bank
Currently OWASP Faux Bank is written in Classic ASP, but eventually there will also be PHP and .Net versions written, so that developers of these languages can also see how the vulnerabilities work.
OWASP Faux Bank is also running at: www.fauxbank.co.uk with all of the vulnerabilities implemented.
Project Leader
I am a web developer with 11 years commercial experience, currently in a Technical Director position for a small website company. I have an avid interest in security; network and web application development, and have written numerous pieces security software and also trained developers on how to write secure code. I have my own website: www.thatcoderguy.co.uk which also hosts my bi-weekly blog where I write about security and web development.
Licensing
OWASP Faux Bank is free to use. It is licensed under the Apache 2.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
Email List
