SecGen icon indicating copy to clipboard operation
SecGen copied to clipboard

Published 20 hours ago verified publisher icon cliffe

Vulnerable WebApps - Question

Open kerberosmansour opened this issue 7 years ago • 4 comments

@cliffe @lewisardern Does SecGen support the autogeneration of webapps? I could see a lot of infrastructure issues, but I'm more interested in web vulnerabilities i.e. injection attacks ala SQLi/XXE/Commandi etc..

I would like to have a random vulnerable webapp generator as part of a project I would like to work on.

Also do you support docker?

kerberosmansour avatar Jul 02 '17 18:07 kerberosmansour

Hi. Thanks for contacting us. This is something we are working on, but there is room for alternative approaches in separate SecGen modules. Hopefully we will have a first version to share sometime in a week or so, and will build on that to develop a new web security module. If you are happy to wait a few weeks you could see how we are approaching it, and add more security vulnerabilities to the site?

cliffe avatar Jul 03 '17 10:07 cliffe

@kerberosmansour I have some ideas for the web side of things, if you are at OWASP this month we can catch-up as the new code should be shipped by the students currently working on that aspect.

LewisArdern avatar Jul 03 '17 11:07 LewisArdern

Ok great! Thanks

On Mon, 3 Jul 2017 at 12:47 pm, Lewis [email protected] wrote:

@kerberosmansour https://github.com/kerberosmansour I have some ideas for the web side of things, if you are at OWASP this month we can catch-up as the new code should be shipped by the students currently working on that aspect.

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/cliffe/SecGen/issues/96#issuecomment-312624934, or mute the thread https://github.com/notifications/unsubscribe-auth/AMz6wgoCJLrm26Z-qceb07wK3cBrBJ2uks5sKNS_gaJpZM4OLqW9 .

kerberosmansour avatar Jul 03 '17 11:07 kerberosmansour

See you at the next OWASP London event

Ok great! Thanks

On Mon, 3 Jul 2017 at 12:47 pm, Lewis [email protected] wrote:

@kerberosmansour https://github.com/kerberosmansour I have some ideas for the web side of things, if you are at OWASP this month we can catch-up as the new code should be shipped by the students currently working on that aspect.

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/cliffe/SecGen/issues/96#issuecomment-312624934, or mute the thread https://github.com/notifications/unsubscribe-auth/AMz6wgoCJLrm26Z-qceb07wK3cBrBJ2uks5sKNS_gaJpZM4OLqW9 .

kerberosmansour avatar Jul 03 '17 11:07 kerberosmansour

SecGen has a bunch of vulnerable webapps, including some that have randomised vulnerabilities.

Closing this issue as I'm cleaning up the SecGen issue tracker. Thanks for your interest in the project.

You might be interested in our hosted solution: https://hacktivity.leedsbeckett.ac.uk/

cliffe avatar Apr 16 '24 23:04 cliffe