add reference to VWAD

OWASP · Aug 11, 2024 · 7fe7b2c · 7fe7b2c
1 parent 19dd755
commit 7fe7b2c
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 5 deletions.
diff --git a/.wordlist.txt b/.wordlist.txt
@@ -494,3 +494,4 @@ OAuth
 OpenID
 Multifactor
 XXE
+VWAD
diff --git a/contributing.md b/contributing.md
@@ -121,13 +121,13 @@ Follow instructions to install the command line [lychee][lychee-install] and [pa
 To install `markdownlint-cli2` use npm: `npm install markdownlint-cli2 --global`,
 and to install `pyspelling` use pip: `pip install pyspelling`
 
-## Release process
+#### Release process
 
 The release process is automatic, and triggers when the repo is tagged with a version number.
 To trigger the release this process from within a cloned repo:
 
-1. tag the release, for example: `git tag 4.1.2`
-2. push to the repo, for example: `git push origin 4.1.2`
+1. tag the release, for example: `git tag 4.1.3`
+2. push to the repo, for example: `git push origin 4.1.3`
 
 The github release workflow then creates the pull request
 with modifications to the release area promoted from the draft area.

diff --git a/draft/09-training-education/01-vulnerable-apps/00-toc.md b/draft/09-training-education/01-vulnerable-apps/00-toc.md
@@ -20,9 +20,16 @@ described in the SAMM [Training and Awareness][sammgegta] section,
 which in turn is part of the SAMM [Education & Guidance][sammgeg] security practice
 within the [Governance][sammg] business function.
 
-The vulnerable applications provide a safe environment where various vulnerable targets can be attacked.
+The intentionally-vulnerable applications provide a safe environment where various vulnerable targets can be attacked.
 This provides practice in using various penetration tools available to a tester,
 without the risk of attack traffic triggering intrusion detection systems.
+The OWASP [Vulnerable Web Applications Directory Project][vwad] (VWAD) provides a comprehensive list of
+available intentionally-vulnerable web applications:
+
+* Vulnerable [mobile applications][vwad-mobile]
+* [Offline][vwad-offline] vulnerable web applications
+* [Containerized][vwad-containers] vulnerable web applications
+* vulnerable web applications [available Online][vwad-online]
 
 Sections:
 
@@ -39,5 +46,10 @@ The OWASP Developer Guide is a community effort; if there is something that need
 [sammg]: https://owaspsamm.org/model/governance/
 [sammgeg]: https://owaspsamm.org/model/governance/education-and-guidance/
 [sammgegta]: https://owaspsamm.org/model/governance/education-and-guidance/stream-a/
+[vwad]: https://owasp.org/www-project-vulnerable-web-applications-directory/
+[vwad-containers]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-container
+[vwad-mobile]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-mobile
+[vwad-online]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-online
+[vwad-offline]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-offline
 
 \newpage
diff --git a/draft/09-training-education/01-vulnerable-apps/toc.md b/draft/09-training-education/01-vulnerable-apps/toc.md
@@ -34,6 +34,13 @@ within the [Governance][sammg] business function.
 The vulnerable applications provide a safe environment where various vulnerable targets can be attacked.
 This provides practice in using various penetration tools available to a tester,
 without the risk of attack traffic triggering intrusion detection systems.
+The OWASP [Vulnerable Web Applications Directory Project][vwad] (VWAD) provides a comprehensive list of
+available intentionally-vulnerable web applications:
+
+* Vulnerable [mobile applications][vwad-mobile]
+* [Offline][vwad-offline] vulnerable web applications
+* [Containerized][vwad-containers] vulnerable web applications
+* vulnerable web applications [available Online][vwad-online]
 
 Sections:  
 
@@ -52,3 +59,8 @@ then [submit an issue][issue0910] or [edit on GitHub][edit0910].
 [sammg]: https://owaspsamm.org/model/governance/
 [sammgeg]: https://owaspsamm.org/model/governance/education-and-guidance/
 [sammgegta]: https://owaspsamm.org/model/governance/education-and-guidance/stream-a/
+[vwad]: https://owasp.org/www-project-vulnerable-web-applications-directory/
+[vwad-containers]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-container
+[vwad-mobile]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-mobile
+[vwad-online]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-online
+[vwad-offline]: https://owasp.org/www-project-vulnerable-web-applications-directory/#div-offline
diff --git a/draft/09-training-education/04-samurai-wtf.md b/draft/09-training-education/04-samurai-wtf.md
@@ -81,7 +81,7 @@ From a command prompt run 'katana' to start configuring SamuraiWTF for your trai
 * [SamuraiWTF Dojo][samurai-dojo]
 * [SamuraiWTF Katana][samurai-katana]
 * [SamuraiWTF downloads][samuraiwtf-download]
-* OWASP [project][samuraiwtf-project]
+* SamuraiWTF [OWASP project][samuraiwtf-project]
 
 ----
-Original file line number
+Diff line change
@@ Expand Up / @@ -494,3 +494,4 @@ OAuth @@
     OpenID
     Multifactor
     XXE
+    VWAD