Difference between revisions of "OWASP Broken Web Applications Project"

From OWASP
Jump to: navigation, search
 
(2 intermediate revisions by one user not shown)
Line 1: Line 1:
 
==== Main  ====
 
==== Main  ====
  
The Broken Web Applications Project (BWA) is an effort to provide
+
The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:
a wealth of applications with known vulnerabilities for those interested in:
+
  
 
*learning about web application security
 
*learning about web application security
Line 11: Line 10:
 
*testing WAFs and similar code technologies
 
*testing WAFs and similar code technologies
  
all the while saving people interested in doing either learning or testing
+
all the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things
the pain of having to compile, configure, and catalog all of the things
+
 
normally involved in doing this process from scratch.
 
normally involved in doing this process from scratch.
  
Line 24: Line 22:
  
 
==== News ====
 
==== News ====
 +
 +
27-Sep-2013 -- OWASP Broken Web Applications version 1.1.1 was released.
 +
 +
30-Jul-2013 -- OWASP Broken Web Applications version 1.1 was released.
  
 
25-Jul-2012 -- Chuck Willis demonstrates OWASP BWA at the Black Hat USA Arsenal.
 
25-Jul-2012 -- Chuck Willis demonstrates OWASP BWA at the Black Hat USA Arsenal.
 +
 +
24-Jul-2012 -- OWASP Broken Web Applications version 1.0 was released.
  
 
14-Jul-2012 -- OWASP Broken Web Applications version 1.0rc2 was released.
 
14-Jul-2012 -- OWASP Broken Web Applications version 1.0rc2 was released.

Latest revision as of 13:51, 28 September 2013

Main

The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:

  • learning about web application security
  • testing manual assessment techniques
  • testing automated tools
  • testing source code analysis tools
  • observing web attacks
  • testing WAFs and similar code technologies

all the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch.


We urge interested parties to join our Google Group or check out our Google Code Page.

Direct Download link

This project is sponsored in part by AppSecDC2009-Sponsor-mandiant.gif

News

27-Sep-2013 -- OWASP Broken Web Applications version 1.1.1 was released.

30-Jul-2013 -- OWASP Broken Web Applications version 1.1 was released.

25-Jul-2012 -- Chuck Willis demonstrates OWASP BWA at the Black Hat USA Arsenal.

24-Jul-2012 -- OWASP Broken Web Applications version 1.0 was released.

14-Jul-2012 -- OWASP Broken Web Applications version 1.0rc2 was released.

4-Apr-2012 -- OWASP Broken Web Applications version 1.0rc1 was released at OWASP AppSec DC.

4-Aug-2011 -- Chuck Willis demonstrates OWASP BWA at the Black Hat USA Arsenal.

24-Jul-2011 -- OWASP Broken Web Applications version 0.94 was released.

27-Jan-2011 -- Chuck Willis presents OWASP BWA at the DoD Cyber Crime Conference.

19-Jan-2011 -- OWASP Broken Web Applications version 0.93rc1 was released.

15-Nov-2010 -- OWASP Broken Web Applications version 0.92rc2 was released.

10-Nov-2010 -- OWASP Broken Web Applications version 0.92rc1 was released.

10-Nov-2010 -- Chuck Willis presents OWASP BWA at OWASP AppSec DC.

24-Mar-2010 -- OWASP Broken Web Applications version 0.91rc1 was released.

5-Feb-2010 -- Doug Wilson presents on OWASP BWA at ShmooCon in Washington DC at 6 PM

31-Jan-2010 -- We are now an "official" OWASP project, just in time for ShmooCon!

27-Jan-2010 -- Chuck Willis presents BWA at the DoD Cybercrime conference


Project Details


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP Broken Web Applications Project

Purpose: a collection of vulnerable web applications that is distributed on a Virtual Machine.

License: Any custom code / modifications are GPLv2, but this does not override the license of each individual software package we incorporate. All software is open source.

who is working on this project?
Project Leader: Chuck Willis @

Project Maintainer:

Project Contributor(s):

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: View

Mailing list: N/A

Project Roadmap: To view, click here

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Chuck Willis @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Release 1.1.1 - September 27, 2013 - (download)

Release Leader: Chuck Willis @

Release details: Main links, release roadmap and assessment

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0