EvilZone
Posted by: Neopal, February 20, 2013, 04:17:16 AM
OWASP Bricks is a web application security learning platform built on PHP and MySQL.
The project focuses on variations of commonly seen application security issues. Each 'Brick' has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to 'Break the Bricks' and thus learn the various aspects of web application security.
Currently there are four challenges available:
Challenge #1 - A simple log in page vulnerable to SQL injection. (http://sechow.com/bricks/docs/login-1.html)
Challenge #2 - A simple file upload page vulnerable to arbitrary file upload. (http://sechow.com/bricks/docs/file-upload-1.html)
Challenge #3 - A normal content-displaying page with an integer-based SQL injection vulnerability in the URL. (http://sechow.com/bricks/docs/content-page-1.html)
Challenge #4 - Another log in page.
Videos are available on the OWASP Bricks YouTube channel. (https://www.youtube.com/OWASPBricks)
OWASP Bricks website: owasp.org/index.php/OWASP_Bricks (http://owasp.org/index.php/OWASP_Bricks)
OWASP Bricks documentation: sechow.com/bricks/docs (http://sechow.com/bricks/docs/)
Blog: owaspbricks.blogspot.com (http://owaspbricks.blogspot.com/)
Challenge #4 (Log in page #2) is open to the public at the moment of writing. All the previous challenges are solved and their docs and videos are available.