OWASP Broken Web Applications Version 1.1.1 Released

Chuck Willis

Sep 28, 2013, 3:07:49 PM
to owaspbwa
Good afternoon, all,

   I'm proud to announce the release of version 1.1.1 of the OWASPBWA VM.  This release is relatively minor, but there were a couple items that I wanted to address:

- Fixed issue with Tomcat not starting in some circumstances (http://code.google.com/p/owaspbwa/issues/detail?id=83). Thanks to the individuals who reported this issue (that I did not experience) and confirmed the fix.
- Updated Mutillidae and transitioned to use its new Git repository
- VM is now available for download in .ova format, which should make it easier to use in virtualization packages other than VMware products.

   As a refresher, the changelogs for version 1.1 are included at the bottom of this email. File names, MD5s, and sizes for this release are below:

OWASP_Broken_Web_Apps_VM_1.1.1.7z  MD5: 388fe51941133854c895661c7493126c  Size: 1.2 GB
OWASP_Broken_Web_Apps_VM_1.1.1.zip  MD5: 6355c7bb17ddbf03e7e8b7b36ed3124c  Size: 1.6 GB
OWASP_Broken_Web_Apps_VM_1.1.1.ova  MD5: 9e3dcc03ac8f8de2b0d02d3b8e68fd56  Size: 1.8 GB

   If you notice any issues with the VM, please let us know via the issue tracker on Google Code (preferred - https://code.google.com/p/owaspbwa/issues/list), email to the group here, or email directly to me.  Also, please continue to submit (and view) vulnerabilities at http://sourceforge.net/apps/trac/owaspbwa/report/1.
  
Chuck


Version 1.1 - 2013-07-30
- Updated Mutillidae, Cyclone, and WAVSEP
- Updated OWASP Bricks and configured it to pull from SVN
- Fixed ModSecurity CRS blocking and rebuilt ModSecurity to include Lua support
- Increased VM's RAM allocation to 1Gb
- Set Tomcat to run as root (to allow some traversal issues tested by WAVSEP)
- Updated landing page for OWASP 1-Liner to reflect that the application is not fully functional

Version 1.1beta1 - 2013-07-10
- Added new applications: OWASP 1-liner, OWASP RailsGoat, OWASP Bricks, SpiderLabs "Magical Code Injection Rainbow", Cyclone
- Updated Mutillidae (name, version, and to use new SVN repository)
- Updated DVWA to new Git repository
- Added SSL support to web server
- Updated ModSecurity and updated Core Rule Set to current in Git
- Known issues:
  o ModSecurity CRS blocking does not work
  o OWASP 1-liner application appears to have functional issues (it was heavily modified to run on the VM through Apache)
  o Other new applications have not been fully tested
  o User Guide has not been updated
