The BodgeIt Store v1.2.0 ~ Web Application Vulnerability Scanner

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
Some of its features and characteristics:
  • Easy to install - just requires java and a servlet engine, e.g. Tomcat
  • Self contained (no additional dependencies other than the two named in the line above)
  • Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required
  • Cross platform
  • Open source
  • No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on startup
All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine.
Then point your browser at (for example) http://localhost:8080/bodgeit
You may find it easier to find vulnerabilities using a pen test tool.
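The deployment steps above, as an added shell example (not code from the BodgeIt project): it checks that the extracted file really is a WAR archive, copies it into the servlet engine's webapps directory, and polls the application URL until it answers. The `$CATALINA_HOME` layout and the `bodgeit.war` file name are assumptions for a Tomcat-style hot deployment.

```shell
#!/bin/sh
# Added example, not part of BodgeIt: deploy an extracted bodgeit.war into a
# Tomcat-style webapps directory and wait for http://localhost:8080/bodgeit to respond.
# Assumes $CATALINA_HOME points at the servlet engine (assumption, not from the page).
set -eu

# A WAR is a zip archive, so a genuine one starts with the "PK" signature.
is_war() {
    [ -f "$1" ] || return 1
    [ "$(head -c 2 "$1" 2>/dev/null)" = "PK" ]
}

# Copy the WAR into webapps; refuse anything that is not a real archive
# so a truncated download is not silently hot-deployed.
deploy_war() {
    war="$1"; webapps="$2"
    is_war "$war" || { echo "not a WAR archive: $war" >&2; return 1; }
    [ -d "$webapps" ] || { echo "no such webapps dir: $webapps" >&2; return 1; }
    cp "$war" "$webapps/bodgeit.war"
    echo "$webapps/bodgeit.war"
}

# Poll the application URL until it returns HTTP 200 or the attempts run out.
wait_for_app() {
    url="${1:-http://localhost:8080/bodgeit/}"; tries="${2:-30}"
    while [ "$tries" -gt 0 ]; do
        if [ "$(curl -s -o /dev/null -w '%{http_code}' "$url")" = "200" ]; then
            echo "up: $url"; return 0
        fi
        tries=$((tries - 1)); sleep 1
    done
    echo "timed out waiting for $url" >&2; return 1
}

# Typical use after unzipping the download:
#   deploy_war ./bodgeit.war "$CATALINA_HOME/webapps" && wait_for_app
```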

The BodgeIt Store includes the following significant vulnerabilities:
  • Cross Site Scripting
  • SQL injection
  • Hidden (but unprotected) content
  • Cross Site Request Forgery
  • Debug code
  • Insecure Object References
  • Application logic vulnerabilities
These are the changes made to BodgeIt v1.2.0:

A page has been added for changing your password, and there have been a few miscellaneous tweaks. The most significant changes, however, are enablers for the security regression tests.