bWAPP - a buggy web application ! - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner


bWAPP - a buggy web application !

The buggy web application is a free and open source web application build to allow security enthusiasts, students and developers to better secure web applications. bWAPP prepares you to conduct successful penetration testing and ethical hacking projects. It is for educational purposes only.

bWAPP contains all vulnerabilities from the OWASP Top 10 project.  The OWASP Top 10 provides an accurate snapshot of the current threat landscape in application security and reflects the collaborative efforts and insights of thousands of accomplished security engineers. To reflect the ongoing changes in technology and common online business practices, the list is periodically updated.

You can download bWAPP from here. Have fun!

We also offer a 2-day comprehensive web security course 'Attacking and Defending Web Applications with bWAPP'. This course can be scheduled on demand, at your location!

bWAPP includes:
  • injection vulnerabilities like SQL, XML/XPath, HTML, command and mail injections.
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • malicious file uploads
  • authentication, authorization and session management issues
  • directory traversal
  • local and remote file inclusions
  • information disclosures
  • configuration issues
  • HTTP response splitting
  • SSL issues
  • Man-in-the-Middle attacks
  • parameter modifications
  • and much more...

Upcoming bugs: AJAX, JSON, Web Services, Clickjacking.

bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux and Windows using Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP.
It's also possible to download our bee-box, a custom Linux VMware virtual machine pre-installed with bWAPP.

This project is part of the ITSEC GAMES project. You can find more about bWAPP on this blog very soon. We will cover the installation procedure and most of the web application issues/bugs.


No comments:

Post a Comment