Authentication, authorization and session management issues
Arbitrary file access and directory traversals
Local and remote file inclusions (LFI/RFI)
Server-Side Request Forgery (SSRF)
XML External Entity Attacks (XXE)
Heartbleed vulnerability (OpenSSL)
Shellshock vulnerability (CGI)
Drupal SQL injection (Drupageddon)
Configuration issues: Man-in-the-Middle, cross-domain policy file, information disclosures, ...
HTTP parameter pollution and HTTP response splitting
Denial-of-Service (DoS) attacks
HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
Unvalidated redirects and forwards
Parameter tampering
PHP-CGI vulnerability
Insecure cryptographic storage
AJAX and Web Services issues (JSON/XML/SOAP)
Cookie and password reset poisoning
Insecure FTP, SNMP and WebDAV configurations
and much more...
bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux and Windows using Apache/IIS and MySQL. It can be installed with WAMP or XAMPP.
It's also possible to download our bee-box, a custom VM pre-installed with bWAPP.
This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education.
IT security, ethical hacking, training and fun... all mixed together.