The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
Please note that The BodgeIt Store is no longer being worked on.
You are strongly recommended to use OWASP Juice Shop instead!
Note that the BodgeIt Store is now available as a Docker image: https://hub.docker.com/r/psiinon/bodgeit/
Some of its features and characteristics:
All you need to do is download and open the zip file, and then extract the war file into the webapps directory of your favorite servlet engine.
Then point your browser at (for example) http://localhost:8080/bodgeit
You may find it easier to find vulnerabilities using a pen test tool.
If you don't have a favourite one, I'd recommend the Zed Attack Proxy (for which I'm the project lead).
The Bodge It Store includes the following significant vulnerabilities:
There is also a 'scoring' page (linked from the 'About Us' page) where you can see various hacking challenges and whether you have completed them or not.
In the relatively near future I'm hoping to add things like:
You can now also perform automated security regression tests on the Bodge It Store - see the wiki.
Any feedback (or offers of help to develop it further;) would be appreciated.