Find and fix your web security vulnerabilities with Burp Scanner
img
.gitignore
HOWTO_burp_scanner.docx
OWASP_Top_10-2017_(en).pdf.pdf
README
lil_app
lil_app.fixed
lil_app.fixed.broken_again
lil_app.fixed.broken_again.fixed_again
lil_app.sql
lil_app.sqlite3
presentation.html
run_lil_app.sh

README

A demonstration of a typical vulnerability scanner run against a modern and a
not-so-modern web app to show how issues are discovered. We will use Burp
Scanner for scanning, look at the issues it can discover, and show how to fix
them. We will also briefly look at open source alternatives to Burp.

Please note that the example apps here are not to be taken as good examples of
code: they *intentionally* contain security issues to demonstrate the scanner,
and even the "fixed" versions are not actually fixed (for example, the password
is not hashed/salted/encrypted in the database).