The object of the challenge v1 is to gain root level privileges and access to personal client information.
Register on the forums to receive an email update when a new challenge is released.
WackoPicko is a website that contains known vulnerabilities. It was first used for the paper Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners.
The most significant part of the project is to create a core (kernel) designed to be best suited for servers (e.g. usually one process with many threads of varying priorities). Much (highly-regulated) assembly language and some C is used here to increase performance and decrease bloat potential (because to code this in assembly, it's ESSENTIAL to have excellent, lean code design).
Development of PwnOS will switch to PwnIDE once PwnIDE reaches version 0.2.4. Development so far has been done with RadASM and MASM32 for assembly, and Dev-C++ and MinGW for C/C++. Documentation is produced with Natural Docs. Custom linking is done with a utility called JLOC, and drive image writing is done with various utilities.
- Testing Web Application Security Scanners
- Testing Static Code Analysis tools (SCA)
- Giving an introductory course to Web Application Security
The OWASP Hackademic Challenges project implements realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective.
They have been especially designed for use in a classroom environment, where they have proved to be a valuable educational tool. Using the OWASP Hackademic Challenges project, students have the chance to experience application security in a realistic environment, something that triggers their interest and provokes a lot of interesting discussions.
Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism and difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.
- Client attack simulation using HtmlUnit; no alert('xss') here.
- Smooth difficulty gradient from moderately easy to fiendishly tricky.
- Realistic vulnerabilities modelled from Google, Mozilla, etc. (No rot13!)
- Open ended play; progress by any means possible.
Want to beat the hackers at their own game? Learn how hackers find security vulnerabilities! Learn how hackers exploit web applications! Learn how to stop them!
- How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
- How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.
To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).
SWEET (Secure WEb dEvelopment Teaching) is a set of portable teaching modules for secure web development. SWEET features eight teaching modules, six project modules and a virtualized web development platform that allows instructors to conduct hands-on laboratory exercises. The purpose of this project is to enhance the learning experience of computing students through standardized teaching modules and environment in secure web development. We have adopted this teaching tool to introduce web security concepts in both undergraduate and graduate courses. Each SWEET teaching module will be enough for a three-hour class containing lecture materials and hands-on laboratory exercises that are relevant to the contents in the lectures.