Vicnum: A vulnerable Web App
A flexible web app showing vulnerabilities such as cross-site scripting, SQL injection, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag' exercises.

  • Player’s guess need not be unique.

Vicnum: A vulnerable Web App Presentation Transcript

  • Vicnum – Description: Mordecai Kraushar, CipherTechs [email_address]; Auditor, Trainer; Education Project
  • Vicnum the basics
    • A vulnerable web app using LAMP
      • Perl
      • PHP
    • Packaged as an Ubuntu VMware guest or as a zip
    • Open Source code released in 2009
    • An OWASP project http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
    • Available for download at https://sourceforge.net/projects/vicnum/
    • Online ‘playing’ possible at http://vicnum.ciphertechs.com
  • Vicnum – the game
    • Based on a game played to kill time
      • You enter your name to start playing the game
      • The computer picks a three digit number with unique digits
      • Player tries to guess the computer’s number
      • Computer remembers its number and the player’s guesses
      • For each guess the computer will tell the player:
        • “How many right and how many in the right position” and the number of guesses so far
      • Eventually number is guessed and the player is prompted to store their results in a database
  • Vicnum’s real goal
    • Have fun and generate interest in the field
    • A flexible, lightweight vulnerable web application useful to auditors honing their web app security skills
    • Easy to install, easy to grasp
    • Easy to modify
      • Can be used to test out new hacks and new defenses
      • Can be used to test whether a Web VA can detect a vulnerability
      • Or whether a Web firewall can protect against a vulnerability
      • Can be tailored to address different auditor skill sets
      • Can be tailored to accommodate different levels of ‘capture the flag’ exercises
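
The game rules from the "Vicnum – the game" slide, as an added example that is not Vicnum's own Perl/PHP code: the round keeps the secret and the guess history on the server, validates each guess, and returns only the feedback. The names `new_secret`, `score` and `Round`, the use of a leading zero, and the scoring rule for repeated guess digits are assumptions made for this sketch.

```python
import secrets
import string

_rng = secrets.SystemRandom()  # OS CSPRNG, so the secret is not predictable


def new_secret():
    """Three digits, all unique, as the rules require (leading zero allowed: assumption)."""
    return "".join(_rng.sample(string.digits, 3))


def score(secret, guess):
    """Return (right, in_position) for an already validated guess.

    Assumed rule for repeated guess digits: each secret digit is matched
    at most once, so guess 111 against secret 123 scores one right digit.
    """
    in_position = sum(s == g for s, g in zip(secret, guess))
    right = sum(min(secret.count(d), guess.count(d)) for d in set(guess))
    return right, in_position


class Round:
    """Server-side state for one player; only the feedback leaves this object."""

    def __init__(self, secret=None):
        self._secret = secret or new_secret()
        self.guesses = []      # the computer remembers every guess
        self.solved = False

    def guess(self, raw):
        if self.solved:
            raise ValueError("round already finished")
        # Validate before use: exactly three ASCII digits, nothing else.
        if not (isinstance(raw, str) and len(raw) == 3
                and all(c in string.digits for c in raw)):
            raise ValueError("guess must be exactly three digits")
        self.guesses.append(raw)
        right, in_position = score(self._secret, raw)
        self.solved = in_position == 3
        return {"right": right, "in_position": in_position,
                "guesses": len(self.guesses)}
```

Because the guess count is taken from the server's own list rather than from a value the browser sends back, the result stored at the end of a round reflects what was actually played.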