OWASP Bricks
Bricks is a deliberately vulnerable web application built on PHP and MySQL.
The project focuses on variations of commonly seen application security vulnerabilities and exploits.
Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP).
The mission is to 'break the bricks' and thus learn the various aspects of web application security.
License: Apache 2.0 License (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project)
who is working on this project?
Project Leader(s):
Abhi M Balakrishnan
Get UWAMP. There are three options:
Exe/Install: Around 20 MB and has an installer. It can be installed just like installing any other software.
Portable RAR: Around 30 MB, portable. No installation needed, just extract and run. 7-Zip is a good software for handling RAR files.
Portable ZIP: Around 55 MB, portable. No installation needed, just extract and run.
Download Bricks and extract it.
Copy the bricks folder into the UwAmp\www directory.
Run uWAMP.exe and Start running the server.
Create a new database for Bricks:
Click on the PHPMyAdmin button on the UWAMP interface, or go to http:///mysql/ on browser.
Any name can be used for database. For example: bricks. Fill up the name and click on Create button.
Click on the www Site button on the UWAMP interface, or go to http:///bricks/ on browser.
Bricks will redirect automatically to http:///bricks/config/.
Fill in the configuration details:
Database username: root
Database password: root in uWAMP. Keep it blank in the xase of XAMPP
Database name: bricks
Database host: localhost
Show executed commands: checked by default
Click on Submit button and a file, LocalSettings.php, will get downloaded. Place this file in the UwAmp\www directory.
Refresh http:///bricks/config/ page
Click on Setup/reset database
Installation finished. Bricks will be ready at http:///bricks/
2. Mantra
Download Mantra. Extract it and run it