From 7fe7b2c5dd2e5535bc9c7b91f2c680182ecbb4bb Mon Sep 17 00:00:00 2001 From: Jon Gadsden Date: Sun, 11 Aug 2024 07:10:09 +0100 Subject: [PATCH] add reference to VWAD --- .wordlist.txt | 1 + contributing.md | 6 +++--- .../01-vulnerable-apps/00-toc.md | 14 +++++++++++++- .../01-vulnerable-apps/toc.md | 12 ++++++++++++ draft/09-training-education/04-samurai-wtf.md | 2 +- 5 files changed, 30 insertions(+), 5 deletions(-) diff --git a/.wordlist.txt b/.wordlist.txt index ec21cf2a..da331756 100644 --- a/.wordlist.txt +++ b/.wordlist.txt @@ -494,3 +494,4 @@ OAuth OpenID Multifactor XXE +VWAD diff --git a/contributing.md b/contributing.md index 55f6ce56..c87f7b1e 100644 --- a/contributing.md +++ b/contributing.md @@ -121,13 +121,13 @@ Follow instructions to install the command line [lychee][lychee-install] and [pa To install `markdownlint-cli2` use npm: `npm install markdownlint-cli2 --global`, and to install `pyspelling` use pip: `pip install pyspelling` -## Release process +#### Release process The release process is automatic, and triggers when the repo is tagged with a version number. To trigger the release this process from within a cloned repo: -1. tag the release, for example: `git tag 4.1.2` -2. push to the repo, for example: `git push origin 4.1.2` +1. tag the release, for example: `git tag 4.1.3` +2. push to the repo, for example: `git push origin 4.1.3` The github release workflow then creates the pull request with modifications to the release area promoted from the draft area. diff --git a/draft/09-training-education/01-vulnerable-apps/00-toc.md b/draft/09-training-education/01-vulnerable-apps/00-toc.md index 51eee4fb..36960321 100644 --- a/draft/09-training-education/01-vulnerable-apps/00-toc.md +++ b/draft/09-training-education/01-vulnerable-apps/00-toc.md 
@@ -20,9 +20,16 @@ described in the SAMM [Training and Awareness][sammgegta] section, which in turn is part of the SAMM [Education & Guidance][sammgeg] security practice within the [Governance][sammg] business function. -The vulnerable applications provide a safe environment where various vulnerable targets can be attacked. +The intentionally-vulnerable applications provide a safe environment where various vulnerable targets can be attacked. This provides practice in using various penetration tools available to a tester, without the risk of attack traffic triggering intrusion detection systems. +The OWASP [Vulnerable Web Applications Directory Project][vwad] (VWAD) provides a comprehensive list of +available intentionally-vulnerable web applications: + +* Vulnerable [mobile applications][vwad-mobile] +* [Offline][vwad-offline] vulnerable web applications +* [Containerized][vwad-containers] vulnerable web applications +* vulnerable web applications [available Online][vwad-online] Sections: @@ -39,5 +46,10 @@ The OWASP Developer Guide is a community effort; if there is something that need [sammg]: https://owaspsamm.org/model/governance/ [sammgeg]: https://owaspsamm.org/model/governance/education-and-guidance/ [sammgegta]: https://owaspsamm.org/model/governance/education-and-guidance/stream-a/ +[vwad]: https://owasp.org/www-project-vulnerable-web-applications-directory/ +[vwad-containers]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-container +[vwad-mobile]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-mobile +[vwad-online]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-online +[vwad-offline]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-offline \newpage diff --git a/draft/09-training-education/01-vulnerable-apps/toc.md b/draft/09-training-education/01-vulnerable-apps/toc.md index 1dbce9d4..db3e664b 100644 
--- a/draft/09-training-education/01-vulnerable-apps/toc.md +++ b/draft/09-training-education/01-vulnerable-apps/toc.md @@ -34,6 +34,13 @@ within the [Governance][sammg] business function. The vulnerable applications provide a safe environment where various vulnerable targets can be attacked. This provides practice in using various penetration tools available to a tester, without the risk of attack traffic triggering intrusion detection systems. +The OWASP [Vulnerable Web Applications Directory Project][vwad] (VWAD) provides a comprehensive list of +available intentionally-vulnerable web applications: + +* Vulnerable [mobile applications][vwad-mobile] +* [Offline][vwad-offline] vulnerable web applications +* [Containerized][vwad-containers] vulnerable web applications +* vulnerable web applications [available Online][vwad-online] Sections: @@ -52,3 +59,8 @@ then [submit an issue][issue0910] or [edit on GitHub][edit0910]. [sammg]: https://owaspsamm.org/model/governance/ [sammgeg]: https://owaspsamm.org/model/governance/education-and-guidance/ [sammgegta]: https://owaspsamm.org/model/governance/education-and-guidance/stream-a/ +[vwad]: https://owasp.org/www-project-vulnerable-web-applications-directory/ +[vwad-containers]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-container +[vwad-mobile]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-mobile +[vwad-online]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-online +[vwad-offline]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-offline diff --git a/draft/09-training-education/04-samurai-wtf.md b/draft/09-training-education/04-samurai-wtf.md index 5ea6cbde..117aa69e 100644 --- a/draft/09-training-education/04-samurai-wtf.md +++ b/draft/09-training-education/04-samurai-wtf.md 
@@ -81,7 +81,7 @@ From a command prompt run 'katana' to start configuring SamuraiWTF for your trai * [SamuraiWTF Dojo][samurai-dojo] * [SamuraiWTF Katana][samurai-katana] * [SamuraiWTF downloads][samuraiwtf-download] -* OWASP [project][samuraiwtf-project] +* SamuraiWTF [OWASP project][samuraiwtf-project] ----
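Review bot: in the contributing.md hunk, `## Release process` becomes `#### Release process`, a two-level drop that is outside the scope of the subject line (add reference to VWAD). If the heading before it in that file is shallower than level three, markdownlint's heading-increment rule will flag the jump. Either keep `##`, or move the heading change and the `4.1.2` to `4.1.3` example bump into their own commit. The unchanged context line "To trigger the release this process from within a cloned repo:" also carries a stray word that could be fixed while this block is open.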
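Review bot: in the first 00-toc.md hunk, the new "available Online" bullet sits directly under the sentence promising practice "without the risk of attack traffic triggering intrusion detection systems", and that sentence holds only for targets run locally. Traffic to an online-hosted target leaves the tester's machine and crosses whatever monitoring sits on the path, so suggest a clause stating that the offline and containerized entries are the ones that give the isolated environment. The four bullets also mix casing ("Vulnerable [mobile applications]", "vulnerable web applications", "available Online"); pick one form.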
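Review bot: in the 00-toc.md link-definition hunk, `[vwad-online]` is listed before `[vwad-offline]`, while the definitions above it are in alphabetical order; swap the two to keep the block sorted (the same applies to the matching block in toc.md). The four category links rely on `#div-...` fragments of the VWAD page, so it is worth confirming that the repo's link check validates fragments; otherwise a renamed anchor there will go unnoticed.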
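Review bot: in the first toc.md hunk, the opening sentence is still "The vulnerable applications provide a safe environment" as unchanged context, while 00-toc.md in this same commit rewords it to "The intentionally-vulnerable applications provide"; apply the same rewording here so the two copies do not drift. The VWAD paragraph and its link definitions are now duplicated verbatim in both files, so any later correction has to be made twice; consider whether both files need to carry the text.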