OWASP VulnerableApp

As web applications become more popular, there is a pressing need to secure them. Several vulnerability scanning tools exist, but the developers of those tools need a way to test them and to measure how well a tool actually performs. As of now, there are few or no vulnerable applications built for testing such tools. Deliberately vulnerable applications do exist, but they were not written with this intent and therefore lack extensibility; adding a new vulnerability to them, for example, is quite difficult. Developers therefore resort to writing their own vulnerable applications, which costs productivity and leads to repeated rework.

VulnerableApp is built with these factors in mind. The project is scalable, extensible, easy to integrate, and easy to learn. Because solving the problem above requires adding a wide range of vulnerabilities, the application also becomes a good platform for learning about those vulnerabilities.

Future Goal

Going further, this application might become a database of vulnerabilities. It could then be used for hosting CTFs and could also serve as a compliance benchmark for vulnerability scanning tools.

Currently handled Vulnerability types

  1. JWT Vulnerability
  2. Command Injection
  3. File Upload Vulnerability
  4. Path Traversal Vulnerability
  5. SQL Injection
    1. Error Based SQLi
    2. Union Based SQLi
    3. Blind SQLi
  6. XSS
    1. Persistent XSS
    2. Reflected XSS
  7. XXE
  8. Open Redirect
    1. HTTP 3xx status code based
  9. SSRF

Changelog v1.11.25

Tests for union based sql injection (#444)

* Add first version of unit tests for union based sql injection vulnerability

* Added tests for the UnionBasedSQLInjection
Copyright (C) 2019 SasanLabs