[OWASP Broken Web Applications Project VM v1.1] Collection of vulnerable web applications

The Broken Web Applications (BWA) Project is a collection of vulnerable web applications that is distributed on a Virtual Machine.

The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:
  • Learning about web application security
  • Testing manual assessment techniques
  • Testing automated tools
  • Testing source code analysis tools
  • Observing web attacks
  • Testing WAFs and similar code technologies
  • All the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch.

Changelog v1.1 (2013-07-30)

  • Updated Mutillidae, Cyclone, and WAVSEP.
  • Updated OWASP Bricks and configured it to pull from SVN.
  • Fixed ModSecurity CRS blocking and rebuilt ModSecurity to include LUA support.
  • Increased VM’s RAM allocation to 1Gb.
  • Set Tomcat to run as root (to allow some traversal issues tested by WAVSEP).
  • Updated landing page for OWASP 1-Liner to reflect that the application is not fully functional.
More Information: here

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s