Vicnum v1.3 [OWASP Project] - Released!

A lightweight flexible vulnerable web application written in PERL and PHP. It demonstrates common web application vulnerabilities such as cross site scripting and session management issues.

Vicnum is helpful to IT auditors who need to hone web security skills and can also be used by those setting up ’capture the flag’ exercises or by those who just want to have some fun with web assessments.

JPEG - 7.2 kb

Vicnum the basics

Easy to modify

  • Can be used to test out new hacks and new defenses
  • Can be used to test whether a Web VA can detect a vulnerability
  • Or whether a Web firewall can protect a vulnerability
  • Can be tailored to address different auditor skill sets
  • Can be tailored to accommodate different levels of "capture the flag" exercises.