Research and Development

VulnApp is a vulnerable web application written in

Recently a colleague and I were asked to give some training to a client’s development team. My colleague was asked to give the main training session whilst I was asked to run a post-training game to test the developers’ retention of the concepts. After looking at some of the existing applications, I decided I’d like to write my own. The result of this is VulnApp, a BSD-licensed application implementing some of the most common applications we come across on our penetration testing engagements. The source is also available from my CVS server so that others can, if they like, contribute.

To make it easier for developers to learn, I’ve logged tickets for all of the intentional vulnerabilities I’ve introduced along the way. Be aware that there might be others I’ve missed, particularly gaps in the enforcement of ACLs and logic bugs. I’d encourage you to log any other vulnerabilities you find along the way.
