I am proud to announce the release of the OWASP Broken Web Applications Project VM version 1.1. This new release is now available for download from https://sourceforge.net/projects/owaspbwa/files/. There were only a few minor updates and bug fixes from the previous beta. The changelogs for this release and 1.1beta1 are included at the end of this message.
File names, MD5s, and sizes are below:
OWASP_Broken_Web_Apps_VM_1.1.7z MD5: 5eff70ca9d696562647019b9f6e639df Size: 1.3 Gb
OWASP_Broken_Web_Apps_VM_1.1.zip MD5: 5ca26d4511224e36694010b81d078e5d Size: 1.8 Gb
If you notice any issues with the VM, please let us know via the issue tracker on Google Code (preferred - https://code.google.com/p/owaspbwa/issues/list), email to the group here, or email directly to me. Also, please continue to submit (and view) vulnerabilities at http://sourceforge.net/apps/trac/owaspbwa/report/1.
Chuck
Version 1.1 - 2013-07-30
- Updated Mutillidae, Cyclone, and WAVSEP
- Updated OWASP Bricks and configured it to pull from SVN
- Fixed ModSecurity CRS blocking and rebuilt ModSecurity to include Lua support
- Increased VM's RAM allocation to 1Gb
- Set Tomcat to run as root (to allow some traversal issues tested by WAVSEP)
- Updated landing page for OWASP 1-Liner to reflect that the application is not fully functional
Version 1.1beta1 - 2013-07-10
- Added new applications: OWASP 1-liner, OWASP RailsGoat, OWASP Bricks, SpiderLabs "Magical Code Injection Rainbow", Cyclone
- Updated Mutillidae (name, version, and to use new SVN repository)
- Updated DVWA to new Git repository
- Added SSL support to web server
- Updated ModSecurity and updated Core Rule Set to current in Git