Moth: Virtual Testbed for Web Application Security

May 08, 2009

The Bonsai Information Security firm has released Moth, a VMware image with a set of vulnerable web applications and scripts. It serves for testing and developing security scanners and can be instructional in all matters application security.

Next to web application security, Moth is also a test tool for static code analysis. The accompanying software includes unsecured versions of the Wordpress blog and the Redmine project management application.

The web applications and vulnerability scripts are available directly or through mod_security. Applications written in PHP are accessible through the PHP-IDS intrusion detection system. This makes it easy to log scanner tests and other attack methods automatically.

The Moth VMware image is ready for download from the SourceForge site as a 7-zip archive and is licensed under GPL.

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.