Get your favorite dynamic application security scanner ready to try out Hackazon! Hackazon, is a modern vulnerable web application. Hackazon looks like an online storefront with a modern AJAX interface, strict workflows and RESTful API's used by a companion mobile app. Hackazon is here to replace the old Web 1.0 test apps (WebGoat, DVWA, Hackme Bank and Hackme Casino) that no longer mirror the applications we see in the wild. Will your application security scanner successfully test this site? Doubt it! Even manual pen testers will have their hands full testing their skills against it.
There are vulnerabilities scattered throughout Hackazon, and each vulnerable area is configurable so that users can change the vulnerability landscape to prevent “known vuln testing” or any other form of cheating. To find all the vulnerabilities in Hackazon it will require proper handling of not only classic web security, but will require testing RESTful interface formats that power AJAX functionality and mobile clients (JSON, XML, GwT, and AMF). It will also require tedious testing of strict workflows common in todays business applications.
Hackazon is an open source application that will ultimately be contributed to OWASP to be included with the other vulnerable test applications.
During this workshop, Dan will give you a sneak preview of Hackazon, and seek your input as to what you’re seeing in applications and would like to see in Hackazon.