Vicnum v1.4 released
A lightweight, flexible vulnerable web application written in Perl and PHP. It demonstrates common web application vulnerabilities such as cross-site scripting and session management issues.
Vicnum is helpful to IT auditors who need to hone web security skills and can also be used by those setting up 'capture the flag' exercises or by those who just want to have some fun with web assessments.
Vicnum the basics
- A vulnerable web app using LAMP
- Packaged as an Ubuntu VMware guest or as a zip
- Open Source code released in 2009
- An OWASP project: Vicnum
- Online "playing" possible at http://vicnum.ciphertechs.com
Easy to modify
- Can be used to test out new hacks and new defenses
- Can be used to test whether a Web VA can detect a vulnerability
- Or whether a web firewall can protect against a vulnerability
- Can be tailored to address different auditor skill sets
- Can be tailored to accommodate different levels of "capture the flag" exercises.
- Project Pamphlet: View
- 3x slide Project Presentation: View
- License: GNU General Public License (GPL)