Portcullis Labs » ASP.net https://labs.portcullis.co.uk Research and Development en-US hourly 1 http://wordpress.org/?v=3.8.5 VulnApp https://labs.portcullis.co.uk/tools/vulnapp/ https://labs.portcullis.co.uk/tools/vulnapp/#comments Fri, 26 Apr 2013 18:13:51 +0000 http://wordpress.65535.com/blogtest/?p=166 VulnApp is a vulnerable web application written in ASP.net. Recently myself and a colleague were asked to give some training to a client’s ASP.net development team. My colleague was asked to give the main training session whilst I was asked to run a post training game to test the developers retention of the concepts. After […]

The post VulnApp appeared first on Portcullis Labs.

]]> VulnApp is a vulnerable web application written in ASP.net.

Recently myself and a colleague were asked to give some training to a client’s ASP.net development team. My colleague was asked to give the main training session whilst I was asked to run a post training game to test the developers retention of the concepts. After looking at some of the existing ASP.net applications I decided I’d like to write my own. The result of this is VulnApp, a BSD licensed ASP.net application implementing some of the most common applications we come across on our penetration testing engagements. The source is also available from my CVS server so that others can, if they like, contribute.

To make it easier for developers to learn, I’ve logged tickets for all of the intentional vulnerabilities I’ve introduced along the way. Be aware that there might be others I’ve missed, particularly gaps in the enforcement of ACLs and logic bugs. I’d encourage you to log any other vulnerabilities you find along the way.

VulnApp-1.1 Tar
VulnApp-1.1.tar.gz
April 26, 2013
574.9 KiB
MD5 hash: 5f6cf3624eaa1d55a5cebe56b3c8f99d
Details
VulnApp-1.0 Tar
VulnApp-1.0.tar.gz
April 26, 2013
570.8 KiB
MD5 hash: 64e81706e98f6e643ed7cff33e0043a3
Details

The post VulnApp appeared first on Portcullis Labs.

]]> https://labs.portcullis.co.uk/tools/vulnapp/feed/ 0