Sunday, January 28, 2007

Sample Shopcart application

In my experience I have seen a lot of developers being clueless about what application security is and how they unknowingly leave a door open for the bad guys in their application. They don't have much idea about how applications are open to these vulnerabilities (like XSS, SQL injection, session hijacking, etc.), how they are exploited, and what changes they need to make in their coding style to minimize these vulnerabilities in their application.

The Shopcart application is a sample application developed to help developers understand how an application can be exploited and what kind of damage can be done.

This application does not have any security mechanism in it. The idea is for developers to learn what can be exploited, and how, if a security mechanism is not in place. Soon I will put together an application with proper security controls for comparison.

The application can be accessed at http://www.attacklabs.com/shopcart/

Happy learning.
