Vulnerabile Evaluation Platform - WAVSEP



A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners.


Vulnerabilities:

ºPath Traversal/LFI: 816 test cases, implemented in 816 jsp pages (GET & POST)
ºRemote File Inclusion (XSS via RFI): 108 test cases, implemented in 108 jsp pages (GET & POST)
ºReflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST)
ºError Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST)
ºBlind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST)
ºTime Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST)
ºPassive Information Disclosure/Session Vulnerabilities (inspired/imported from ZAP-WAVE): 3 test cases of erroneous information leakage, and 2 cases of improper authentication / information disclosure – implemented in 5 jsp pages
ºExperimental Tase Cases (inspired/imported from ZAP-WAVE): 9 additional RXSS test cases (anticsrf tokens, secret input vectors, tag signatures, etc), and 2 additional SQLi test cases (INSERT) – implemented in 11 jsp pages (GET & POST)

False Positives:

º7 different categories of false positive Reflected XSS vulnerabilities (GET & POST )
º10 different categories of false positive SQL Injection vulnerabilities (GET & POST)
º8 different categories of false positive path traversal/LFI vulnerabilities (GET & POST)
º6 different categories of false positive remote file inclusion vulnerabilities (GET & POST)

Additional Features:

ºA simple web interface for accessing the vulnerable pages
ºAn auto-installer for the mysql database schema (/wavsep-install/install.jsp)
ºSample detection & exploitation payloads for each and every test case
ºDatabase connection pool support, ensuring the consistency of scanning results