Skip to content
/ security-challenges Public

Some challenges around discovering simple flaws in a Pyramid webapp

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MatthewWilkes/security-challenges

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

xss

xss

 
 

CHANGES.txt

CHANGES.txt

 
 

MANIFEST.in

MANIFEST.in

 
 

README.md

README.md

 
 

development.ini

development.ini

 
 

production.ini

production.ini

 
 

requirements.txt

requirements.txt

 
 

setup.cfg

setup.cfg

 
 

setup.py

setup.py

 
 

Repository files navigation

Installation

This installs via pip. It is strongly recommended to use a virtualenv.

mkdir security-challenges
cd security-challenges
virtualenv .
./bin/pip install -r https://raw.github.com/MatthewWilkes/security-challenges/master/requirements.txt
./bin/pserve src/xss/development.ini

Installing with pip will take a few minutes, and you'll need to have virtualenv installed. This works on Python 2.7 and Python 3.3. Other implementations MAY work.

Playing

You can access the app at http://127.0.0.1:6543/

The welcome screen will link to various challenges, along with their source code. Read the source code to try and find a way to create an XSS attack. The best way of demonstrating this is to call alert(1) when a page is rendered.

The challenges get progressively harder, and are all based on real-world vulnerabilities.

Try not to look at the source code of later challenges before you've completed the earlier ones, as they may well give away the solution to the previous challenge.

About

Some challenges around discovering simple flaws in a Pyramid webapp

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages