The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
Some of its features and characteristics:
- Easy to install - just requires Java and a servlet engine, e.g. Tomcat
- Self contained (no additional dependencies other than the 2 in the above line)
- Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required
- Cross platform
- Open source
- No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up
Then point your browser at (for example) http://localhost:8080/bodgeit
You may find it easier to find vulnerabilities using a pen test tool.
The Bodge It Store includes the following significant vulnerabilities:
- Cross Site Scripting
- SQL injection
- Hidden (but unprotected) content
- Cross Site Request Forgery
- Debug code
- Insecure Object References
- Application logic vulnerabilities
These are the changes made to BodgeIt v1.2.0:
A page has been added for changing your password, and there have been a few miscellaneous tweaks. But the most significant changes have been enablers for the security regression tests.