This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Bricks"

From OWASP
Jump to: navigation, search
 
(12 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[Image:OWASP Bricks logo.png|400px|OWASP Bricks]]<br> <br>  
+
=Main=
<div style="font-size:112%;border:none;margin: 0;color:#000;">
+
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->
* Bricks is a deliberately vulnerable web application built on PHP and MySQL.  
+
<div style="width:100%;height:100px;border:0,margin:0;overflow: hidden;">[[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] </div>
 +
 
 +
 
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
==OWASP Bricks==
 +
 
 +
OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP.
 +
 
 +
==Introduction==
 +
 
 +
* OWASP Bricks is a deliberately vulnerable web application built on PHP and MySQL.  
 
* The project focuses on variations of commonly seen application security vulnerabilities and exploits.  
 
* The project focuses on variations of commonly seen application security vulnerabilities and exploits.  
 
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP).  
 
* Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP).  
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.<br><br>
+
* The mission is to 'break the bricks' and thus learn the various aspects of web application security.
 +
 
 +
==Description==
 +
 
 +
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.
 +
 
 +
Bricks is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.
 +
 
 +
==Licensing==
 +
OWASP Bricks is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
== What is Bricks? ==
 +
 
 +
OWASP Bricks  provides:
 +
 
 +
* A platform for learning web application security.
 +
* A test bed for analyzing the performance of web application security scanners.
 +
 
 +
== Presentation ==
 +
 
 +
[[File:OWASP_Bricks_Presentation_Slides.pptx|OWASP Bricks Presentation Slides]]
 +
 
 +
== Project Leader ==
 +
 
 +
[[User:Abhi_M_Balakrishnan| Abhi_M_Balakrishnan]]
 +
 
 +
 
 +
== Related Projects ==
 +
 
 +
* [[OWASP Mantra - Security Framework]]
 +
 
 +
== Ohloh ==
 +
 
 +
*https://www.ohloh.net/p/owaspbricks
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 
 +
== Quick Download ==
 +
 
 +
* [http://sechow.com/bricks/download.html Download Bricks]
 +
 
 +
 
  
'''[http://sechow.com/bricks/download.html Download Bricks] | [https://www.youtube.com/OWASPBricks Watch videos] | [http://sechow.com/bricks/docs/ Documentation]<br>
+
== News and Events ==
= Bricks =
+
 
 +
 
 +
 
 +
== In Print ==
 +
 
 +
 
 +
 
 +
==Classifications==
 +
 
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_TOOL.jpg|link=]]
 +
  |}
  
{| class="wikitable"
 
|-
 
! Challenge
 
! Page
 
! URL
 
! Documentations
 
|-
 
| 1
 
| Log in page #1
 
| bricks/login-1/
 
| [http://sechow.com/bricks/docs/login-1.html Text],  [http://www.youtube.com/watch?v=mCo6ajvBv50 Video]
 
|-
 
| 2
 
| File upload page #1
 
| bricks/upload-1/
 
| [http://sechow.com/bricks/docs/file-upload-1.html Text], [http://www.youtube.com/watch?v=N6SAzEkgJ3s Video]
 
|-
 
| 3
 
| Content page #1
 
| bricks/content-1/
 
| [http://sechow.com/bricks/docs/content-page-1.html Text], [http://www.youtube.com/watch?v=j5I0wPvQxTg Video]
 
|-
 
| 4
 
| Log in page #2
 
| bricks/login-2/
 
| [http://sechow.com/bricks/docs/login-2.html Text], [http://www.youtube.com/watch?v=nZYejElQxhk Video]
 
|-
 
| 5
 
| Content page #2
 
| bricks/content-2/
 
| [http://sechow.com/bricks/docs/content-page-2.html Text], [http://www.youtube.com/watch?v=7TkRBREYn6Y Video]
 
|-
 
| 6
 
| File upload page #2
 
| bricks/upload-2/
 
| [http://sechow.com/bricks/docs/file-upload-2.html Text], [http://www.youtube.com/watch?v=tsDClYorsXI Video]
 
|-
 
| 7
 
| Log in page #3
 
| bricks/login-3/
 
| [http://sechow.com/bricks/docs/login-3.html Text], [http://www.youtube.com/watch?v=Glsl-UR2OmU Video]
 
|-
 
| 8
 
| Content page #3
 
| bricks/content-3/
 
| [http://sechow.com/bricks/docs/content-page-3.html Text], [http://www.youtube.com/watch?v=qWpqZbymsl8 Video]
 
|-
 
| 9
 
| Log in page #4
 
| bricks/login-4/
 
| [http://sechow.com/bricks/docs/login-4.html Text], [https://www.youtube.com/watch?v=z4JUplVRG1U Video]
 
|-
 
| 10
 
| Content page #4
 
| bricks/content-4/
 
| [http://sechow.com/bricks/docs/content-page-4.html Text]
 
|-
 
| 11
 
| File upload page #3
 
| bricks/upload-3/
 
| Open for public
 
|-
 
| 12
 
| Log in page #5
 
| bricks/login-5/
 
| Open for public
 
|-
 
| 13
 
| Content page #5
 
| bricks/content-5/
 
| Open for public
 
|-
 
 
|}
 
|}
= Road map =
+
 
 +
=FAQs=
 +
 
 +
; Q1
 +
: A1
 +
 
 +
; Q2
 +
: A2
 +
 
 +
= Acknowledgements =
 +
==Volunteers==
 +
Bricks is brought to you by OWASP, a free and open software security community focusing on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
 +
 
 +
OWASP Bricks project is led by Abhi M Balakrishnan, an information security enthusiast. He is the founding member of OWASP Mantra, Secpedia and Bbroy.
 +
 
 +
==Others==
 +
 
 +
 
 +
= Road Map and Getting Involved =
 
# Demonstrate maximum variations of most common vulnerabilities
 
# Demonstrate maximum variations of most common vulnerabilities
 
# Help people to learn the need of secure codding practices and SSDLC
 
# Help people to learn the need of secure codding practices and SSDLC
Line 90: Line 111:
 
# Demonstrate the possibilities of various security tools and techniques
 
# Demonstrate the possibilities of various security tools and techniques
 
# Become a platform to teach web application security in a class room/lab environment.
 
# Become a platform to teach web application security in a class room/lab environment.
</div>
+
 
 +
Involvement in the development and promotion of OWASP Bricks is actively encouraged!
 +
You do not have to be a security expert in order to contribute.
 +
Some of the ways you can help:
 +
* Spread the word - Facebook, Twitter, Google+ or any other communication platform.
 +
* Write about OWASP Bricks on your web site/ book.
 +
* Mention it in your resume - It helps you, it helps the company and it helps us and thus everybody wins.
 +
* Make tutorials/videos of Bricks in languages you know of.
 +
* Include it in your training materials, talks, discussions etc.
 +
 
 +
 
 +
 
 +
=News=
 +
* [http://news.softpedia.com/news/Security-App-of-the-Week-OWASP-Bricks-375093.shtml OWASP Bricks was the Softpedia Security App of the week]
 +
* [http://is-ra.org/c0c0n/2014/ OWASP Bricks was supporting partner of c0c0n 2014] 
 +
* [https://www.youtube.com/watch?v=pPg8bA7ps3U OWASP Bricks was presented at OWASP/Null combined meet in Delhi November 2014]
 +
* [https://www.facebook.com/OwaspBricks/posts/646717422114772 Adwiteeya Agrawal presented OWASP Bricks at Indira Gandhi Delhi Technical University for Women - IGDTU]
 +
* [http://dl.packetstormsecurity.net/papers/general/poor_mans_security_lab.pdf The Poor Man's Security Lab guide recommends OWASP Bricks]
 +
 
 
=Project About=
 
=Project About=
{{:Projects/OWASP_Bricks}}  
+
{{:Projects/OWASP_Bricks}}  
 +
 
 +
__NOTOC__ <headertabs />
 +
 
 +
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
 +
 
 
[[Category:OWASP Project|Bricks]]
 
[[Category:OWASP Project|Bricks]]
 
[[Category:OWASP Download|Bricks]]
 
[[Category:OWASP Download|Bricks]]
 
[[Category:OWASP Tool|Bricks]]
 
[[Category:OWASP Tool|Bricks]]
 
[[Category:OWASP Alpha Quality Tool|Bricks]]
 
[[Category:OWASP Alpha Quality Tool|Bricks]]

Latest revision as of 19:19, 12 February 2016

OWASP Inactive Banner.jpg


OWASP Bricks

OWASP Bricks is a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools like Mantra and ZAP.

Introduction

  • OWASP Bricks is a deliberately vulnerable web application built on PHP and MySQL.
  • The project focuses on variations of commonly seen application security vulnerabilities and exploits.
  • Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP).
  • The mission is to 'break the bricks' and thus learn the various aspects of web application security.

Description

Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.

Bricks is a completely free and open source project brought to you by OWASP. The complete documentation and instruction videos can also be accessed or downloaded for free. Bricks are classified into three different sections: login pages, file upload pages and content pages.

Licensing

OWASP Bricks is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is Bricks?

OWASP Bricks provides:

  • A platform for learning web application security.
  • A test bed for analyzing the performance of web application security scanners.

Presentation

File:OWASP Bricks Presentation Slides.pptx

Project Leader

Abhi_M_Balakrishnan


Related Projects

Ohloh

Quick Download


News and Events

In Print

Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files TOOL.jpg
Q1
A1
Q2
A2

Volunteers

Bricks is brought to you by OWASP, a free and open software security community focusing on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

OWASP Bricks project is led by Abhi M Balakrishnan, an information security enthusiast. He is the founding member of OWASP Mantra, Secpedia and Bbroy.

Others

  1. Demonstrate maximum variations of most common vulnerabilities
  2. Help people to learn the need of secure codding practices and SSDLC
  3. Attract people to design more bricks
  4. Become a test bed for analyzing the performance of web application security scanners.
  5. Help people learn the manual method of testing the applications
  6. Demonstrate the possibilities of various security tools and techniques
  7. Become a platform to teach web application security in a class room/lab environment.

Involvement in the development and promotion of OWASP Bricks is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

  • Spread the word - Facebook, Twitter, Google+ or any other communication platform.
  • Write about OWASP Bricks on your web site/ book.
  • Mention it in your resume - It helps you, it helps the company and it helps us and thus everybody wins.
  • Make tutorials/videos of Bricks in languages you know of.
  • Include it in your training materials, talks, discussions etc.


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Bricks (home page)
Purpose: Bricks, a deliberately vulnerable web application built on PHP & MySQL focuses on variations of commonly seen application security vulnerabilities & exploits, which can be exploited using tools (Mantra & ZAP). The mission is to 'break the bricks'.
License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
who is working on this project?
Project Leader(s):
  • Abhi M Balakrishnan @
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Abhi M Balakrishnan @ to contribute to this project
  • Contact Abhi M Balakrishnan @ to review or sponsor this project
current release
Tuivai - 30 November 2013 - (download)
Release description: 13th public release
Rating: Projects/OWASP Bricks/GPC/Assessment/Tuivai
last reviewed release
Not Yet Reviewed


other releases