0

I am looking for a very insecure ASP.NET application. Ideally I'm looking for an application that was written by a noob who has made a lot of security mistakes. If the app has an MS-SQL back-end, that would be a bonus. I know of two cool projects for PHP and J2EE which fill my needs. Do you know anything like this for ASP.NET?

2
  • 3
    Hmmm, not sure many people will be rushing to nominate their apps! Commented Jan 28, 2010 at 0:36
  • 1
    thedailywtf.com (I mean the articles on the site, not the site itself!) Commented Jan 28, 2010 at 0:49

4 Answers

6

Hacme Bank is a pretty good example from Foundstone of what not to do. It's an older example, written in .NET 1.1 against SQL 2000, but covers most of the common vulnerabilities found in web applications.


1

I know one... there's a business near where I live, and I refuse to join their loyalty program because I accidentally stumbled across a SQL injection vulnerability on their site. I can't tell you who it is though, because they're a real business and I'm sure they don't want your students to hack them.

Why not write your own? Maybe start a CodePlex project called LearnSecurity, which has a combination of pages - some which use bad security practices and some which don't.

2 Comments

Well said. My guess is his main intent is to demonstrate the weakness of ASP.NET. While writing a vulnerable app in ASP.NET is easy, it is not easy to write a good one that demonstrates the weakness of ASP.NET and other Microsoft technologies.
"My guess is his main intent is to demonstrate the weakness of ASP.NET." -- you mean the weakness of any web application created by an inexperienced or otherwise inept developer.
0

Yes, as Rob suggested ... you could make a couple of pages ... on the first, get the input from a field and execute it against the database :) On the second, just get some text from the DB that contains a JavaScript alert or something and render it directly on the page :) Just an idea ...
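
The two teaching pages suggested above, each paired with its corrected form, as an added C# example (not code from this answer or from any project named on the page). The `Users` table, its columns, the class name and the method names are all hypothetical; the caller is assumed to pass an already opened `SqlConnection`.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web;

// Added illustration for a training app that mixes bad and good pages.
// Table, column and method names are hypothetical.
public static class LearnSecurityPages
{
    // Page 1, insecure: the form value becomes part of the SQL text,
    // so the database parses user input as query syntax.
    public static object FindUserInsecure(SqlConnection conn, string nameField)
    {
        string sql = "SELECT Id FROM Users WHERE Name = '" + nameField + "'";
        using (var cmd = new SqlCommand(sql, conn))
            return cmd.ExecuteScalar();
    }

    // Page 1, corrected: the SQL text is constant and the value travels
    // separately as a typed, length-bounded parameter.
    public static object FindUserSafe(SqlConnection conn, string nameField)
    {
        const string sql = "SELECT Id FROM Users WHERE Name = @name";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value =
                (object)nameField ?? DBNull.Value;
            return cmd.ExecuteScalar();
        }
    }

    // Page 2, insecure: text read back from the database is written into
    // the markup unchanged, so any stored markup or script is rendered.
    public static string RenderCommentInsecure(string storedText)
    {
        return "<div class=\"comment\">" + storedText + "</div>";
    }

    // Page 2, corrected: the stored text is HTML-encoded at output time,
    // so the browser displays it as text instead of interpreting it.
    public static string RenderCommentSafe(string storedText)
    {
        return "<div class=\"comment\">"
            + HttpUtility.HtmlEncode(storedText ?? string.Empty)
            + "</div>";
    }
}
```

Keeping both forms in one project lets students diff the insecure and corrected method for each page and see that the fix is in how the value is passed or emitted, not in filtering the input.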

0

You can search the vulnerability databases, like NIST's one.
