Difference between revisions of "OWASP Faux Bank Project"

m
Line 5: Line 5:
 
[[File:Owaspfauxbanklogo-big.png]]
 
[[File:Owaspfauxbanklogo-big.png]]
  
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
+
OWASP Faux Bank is a real-world type system with all 10 of OWASPs top 10 vulnerabilities implemented.
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
+
The idea behind this project is to have a website with vulnerabilities that developers can play with an exploit, and then view the source code to see the site is vulnerable. OWASP Faux Bank also features a "secure mode", which prevents exploits, so that developers can also see how these vulnerabilities can be prevented within web applications.
  
==OWASP Faux Bank Project==
+
The full source code is available from GitHub at: [[github.com/thatcoderguy/owasp-faux-bank]]
  
OWASP Faux Bank is...
+
Currently OWASP Faux Bank is written in Classic ASP, but eventually there will also be PHP and .Net versions written, so that developers of these languages can also see how the vulnerabilities work.
 
+
==Introduction==
+
 
+
 
+
==Description==
+
 
+
Faux bank has all 10 of the top vulnerabilities implemented, as well as fixes for these vulnerabilities. The idea is that developers can see a real-world system with vulnerabilities, so that they can see what to look for and how to write secure code
+
 
+
 
+
==Licensing==
+
OWASP Faux Bank is free to use. It is licensed under the Apache 2.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
+
 
+
 
+
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
+
 
+
== What is Faux Bank? ==
+
 
+
OWASP Faux Bank  provides:
+
 
+
* 3 of a website versions written in the 3 different languages (asp, php, c#) , including the database sql file, so that they can be setup and run by anyone.
+
 
+
 
+
== Presentation ==
+
  
 +
OWASP Faux Bank is also running at: [[www.fauxbank.co.uk]] with all of the vulnerabilities implemented.
  
 
== Project Leader ==
 
== Project Leader ==
 
[mailto:davie.elliott@owaps.org Davie Elliott]
 
[mailto:davie.elliott@owaps.org Davie Elliott]
  
== Related Projects ==
+
I am a web developer with 9 years commercial experience, currently in a Technical Director position for a small website company. I have an avid interest in security; network and web application development, and have written numerous pieces security software and also trained developers on how to write secure code. I have my own website: [[www.thatcoderguy.co.uk]] which also hosts my bi-weekly blog where I write about security and web development.
 
+
 
+
== Ohloh ==
+
 
+
 
+
| valign="top"  style="padding-left:25px;width:200px;" |
+
 
+
== Quick Download ==
+
 
+
  
 +
== Licensing ==
 +
OWASP Faux Bank is free to use. It is licensed under the Apache 2.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
  
 
== Email List ==
 
== Email List ==
 
[https://lists.owasp.org/mailman/listinfo/owasp_faux_bank Sign Up!]
 
[https://lists.owasp.org/mailman/listinfo/owasp_faux_bank Sign Up!]
  
== News and Events ==
 
 
 
== In Print ==
 
 
 
 
==Classifications==
 
 
  {| width="200" cellpadding="2"
 
  |-
 
  | align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 
  |-
 
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 
  |-
 
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 
  |-
 
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 
  |}
 
 
|}
 
 
=FAQs=
 
 
; Q1
 
: A1
 
 
; Q2
 
: A2
 
 
= Acknowledgements =
 
==Volunteers==
 
Faux Bank is developed by a worldwide team of volunteers. The primary contributors to date have been:
 
  
* xxx
+
=The Vulnerabilities=
* xxx
+
  
==Others==
 
* xxx
 
* xxx
 
  
= Road Map and Getting Involved =
 
As of June, the priorities are:
 
* The classic asp version currently has 5 of 10 of the 10 vulnerabilities, I anticipate this version will be completed by July 30th. The php version should take more than a few weeks. The .net version will be tricker, but that should be completed by October/November - assuming I can still maintain my current hours on the project.
 
  
Involvement in the development and promotion of Faux Bank is actively encouraged!
 
You do not have to be a security expert in order to contribute.
 
Some of the ways you can help:
 
* xxx
 
* xxx
 
  
 +
=Road Map and Getting Involved=
  
  
=Project About=
 
{{:Projects/OWASP_Faux_Bank_Page}} 
 
  
__NOTOC__ <headertabs />
 
  
 
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
 
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
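
Review bot: the Licensing section is added twice in this revision (once as "==Licensing==" before "What is Faux Bank?" and again as "== Licensing ==" after "Quick Download"), and both copies name Apache 2.0 while stating a share-alike condition ("only under the same or similar license to this one") that Apache 2.0 does not impose and that instead matches the CC BY-SA button in the Classifications table. Keep a single Licensing section and make its wording agree with the license the project actually uses. Separately, the added links "[[github.com/thatcoderguy/owasp-faux-bank]]", "[[www.fauxbank.co.uk]]" and "[[www.thatcoderguy.co.uk]]" use internal-link double brackets, so MediaWiki will treat them as wiki page titles; use single-bracket external links that include the scheme.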

Revision as of 16:38, 7 July 2014

Main


OWASP Faux Bank is a real-world-style system with all 10 of the OWASP Top 10 vulnerabilities implemented. The idea behind this project is to have a website with vulnerabilities that developers can play with and exploit, and then view the source code to see why the site is vulnerable. OWASP Faux Bank also features a "secure mode", which prevents exploits, so that developers can also see how these vulnerabilities can be prevented within web applications.

The full source code is available from GitHub at: github.com/thatcoderguy/owasp-faux-bank

Currently OWASP Faux Bank is written in Classic ASP, but eventually there will also be PHP and .Net versions written, so that developers of these languages can also see how the vulnerabilities work.

OWASP Faux Bank is also running at: www.fauxbank.co.uk with all of the vulnerabilities implemented.

Project Leader

Davie Elliott

I am a web developer with 9 years' commercial experience, currently in a Technical Director position for a small website company. I have an avid interest in security; network and web application development, and have written numerous pieces of security software and also trained developers on how to write secure code. I have my own website: www.thatcoderguy.co.uk which also hosts my bi-weekly blog where I write about security and web development.

Licensing

OWASP Faux Bank is free to use. It is licensed under the Apache 2.0 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Email List

Sign Up!


The Vulnerabilities

Road Map and Getting Involved