We would like to have a web application security game server very similar to the “[login to view URL] Games” at [login to view URL]. I think the easiest way to start with something like this would be to build your own lessons with the WebGoat server from [login to view URL] as the base. Basically, WebGoat is a Java-based application that runs on the server and behaves the way a vulnerable web application would.
Quote from [login to view URL]:
WebGoat is based on the concept of teaching a user a real world lesson and then asking the user to demonstrate their understanding by exploiting a real vulnerability on the local system. The system is even clever enough to provide hints and show the user cookies, parameters and the underlying Java code if they choose. Examples of lessons include SQL injection to a fake credit card database, where the user creates the attack and steals the credit card numbers.
...WebGoat is written in Java and therefore installs on any platform with a Java virtual machine. There are automated installers for Linux and Windows.
Current lessons include:
- Cross Site Scripting
- SQL Injection
- Thread Safety
- Hidden Form Field Manipulation
- Parameter Manipulation
- Weak Session Cookies
- Fail Open Authentication
- Dangers of HTML Comments
=================================
I would like the application developer to have actually completed all of the levels of the first game at [login to view URL] and at least 5 of the levels in the second game on the site before bidding on this project. This is a firm requirement, and bidders that haven't completed these levels will NOT be considered. We are a membership-based website that is hosted on a dedicated web server. We are planning to purchase another dedicated server to host this WebApp Security application. Your application must also provide some security by ensuring that only website members are able to use this WebAppSec Server application. We are open to the suggestions of the winning developer regarding how the application will run, what type of dedicated server it will be run on if necessary, and how it will be secured. The main goal here is to provide a quality product to our customers so they can learn security, and to ensure that we can provide this capability securely.
## Deliverables
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Installation package that will install the software (in ready-to-run condition) on the platform(s) specified in this bid request.
3) Exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
## Platform
We'd prefer that the app run on a dedicated Linux server, but we're open to the suggestions of the winning developer. Again, the main goal here is to provide a quality product to our customers so they can learn security, and to ensure that we can provide this capability securely.