OWASP Broken Web Apps 1.0 Released

We are happy to announce the release of version 1.0 - the first major release - of the Open Web Application Security Project (OWASP) Broken Web Applications project Virtual Machine (VM). This open source project assembles and distributes a VM of web applications with a wide variety of security vulnerabilities. The VM is designed to appeal to a wide variety of audiences, including beginners looking to learn the basics of web application vulnerabilities, developers and testers who want to examine and correct the code that implements vulnerabilities, incident responders desiring to examine evidence of web application attacks in logs, and security professionals looking to test tools and techniques.

The VM includes the following types of applications:

  • Training applications (6)
  • Realistic, intentionally vulnerable applications (6)
  • Old, vulnerable versions of real open source applications (10)
  • Applications for Tool Testing (3)
  • Demonstration pages / applications (5)

Mandiant is proud to have sponsored this project since its inception and will continue to support its development. More information about the project can be found on the project's home page. The VM can be downloaded from SourceForge.

If you're attending Black Hat USA, Mandiant's Chuck Willis will be conducting short demonstrations of the new VM at the Black Hat Arsenal, starting at 11:45 am today and tomorrow. Also, make sure to stop by our booth (#337). For a full listing of Mandiant activities at Black Hat, please click here.