Vicnum v1.3 [OWASP Project] - Released!
Vicnum is helpful to IT auditors who need to hone web security skills and can also be used by those setting up ’capture the flag’ exercises or by those who just want to have some fun with web assessments.
Vicnum the basics
- A vulnerable web app using LAMP
- Packaged as a Ubuntu VMWare guest or as a zip
- Open Source code released in 2009
- An OWASP project: Vicnum
- Online "playing" possible at http://vicnum.ciphertechs.com
Easy to modify
- Can be used to test out new hacks and new defenses
- Can be used to test whether a Web VA can detect a vulnerability
- Or whether a Web firewall can protect a vulnerability
- Can be tailored to address different auditor skill sets
- Can be tailored to accommodate different levels of "capture the flag" exercises.