OWASP Mutillidae

From Embedded Lab Vienna for IoT & Security
Revision as of 06:32, 18 December 2020 by JMurgescu

OWASP Mutillidae is a "Vulnerable Web Application" that allows users to test exploits in a legal manner inside an isolated sandbox environment. A big advantage of Mutillidae is that it doesn't rely on "Magic Statements", that is, user inputs that are checked against a predefined list of accepted solutions. Instead, the way to complete challenges is entirely up to the users. Mutillidae Version II was written by Jeremy Druin and currently contains about 40 exploits and skill challenges, mainly picked from the OWASP Top Ten vulnerabilities.

Installation

In order to use Mutillidae[1], the XAMPP stack[2] has to be running on the user's OS. The Mutillidae source code can then be placed inside XAMPP's "htdocs" folder. This allows the website to be reached under the specified link.

User Interface

[Figure: Landing page.png]

As seen above, different features can be controlled on the landing page. The horizontal bar at the top, for example, offers the options to hide or show hints, toggle through the three security levels, or reset the backend database. On the left side, users can choose from different vulnerabilities, sorted by the OWASP vulnerability lists published over time. The menu offers pages on which the specified vulnerabilities can be tested. If hints are activated, the system describes potential vulnerabilities presented by the different elements shown on the site.