Tuesday, November 19, 2013

OWASP Vulnerable Web Applications Directory (VWAD) Project

For about two years (Oct 2011 - Oct 2013) I have been maintaining the "Hacking Vulnerable Web Applications Without Going To Jail" blog post, adding new vulnerable web applications you can use to put into practice the knowledge and skills acquired during web application security training sessions, as well as to test any web hacking tools and offensive techniques.

However, last month we (Simon Bennetts, ZAP project lead, and myself) created the "OWASP Vulnerable Web Applications Directory (VWAD) Project", migrating the previous list to a new community OWASP project where more people can contribute and get access to the current directory of vulnerable web apps. The vulnerable web applications have been classified in three categories: online, offline, and virtual machines or ISO images.

If you are interested in contributing to the project, you have two options:

From a technical perspective, the GitHub VWAD repository contains a couple of Python scripts to convert the wiki contents into TSV (Tab-Separated Values) files, and vice versa. You can use the TSV files to import the VWAD contents into other projects or tools.

Enjoy and contribute to the VWAD project! :-)

Wednesday, November 13, 2013

The Birth of the DinoSec Blog

And the story continues... Almost four years ago we founded the Taddong Security Blog, replacing our first information security blog, RaDaJo, originally created about four years before. So, it seems I'm fated to change blogs every four years... :-)

The new DinoSec blog, which comes to light today, will be one of the main channels DinoSec will use to publish and promote the security research, open-source and community contributions, tools, and cutting-edge professional activities Monica and I (Raul) will be performing. DinoSec is an independent information security company we established in Spain in 2008 to support our daily activities with no public presence.

DinoSec has a worldwide service scope, focused on improving its customers' information security stance, by discovering and eliminating or mitigating the real risks that threaten their information technology infrastructures, applications, systems and networks. More details about the company are available on its website, www.dinosec.com, where you can also find our contact details.

If you were a previous Taddong blog reader and follower (or even a previous RaDaJo blog reader; if this is the case... hats off to you!), we are really glad to have you with us again in this new and exciting journey. If you are joining us for the first time, we welcome you on board. In any case, the blog relies on your presence and feedback, so do not forget to subscribe to the blog feed by using the syndication buttons available on the right sidebar. Now that DinoSec comes to light, you can also follow our activities on other social networks, such as Twitter, and in the future we might be active too on LinkedIn, Google+, YouTube, Vimeo, and/or Facebook.

Effective immediately, we are switching from Taddong blog to DinoSec blog!