So I did a presentation on Information Security at University today. I think it went rather well, however I couldn't show a couple of the demonstrations due to some SkyDrive files only being available online. That sucked because those were my best demonstrations, but overall I was happy.
A few people asked me to put the website code up, so you can find it here: https://github.com/orf/vulnerable_website (or just view the code online here)
If you haven't used Python before then I really recommend it. To get the website up and running follow these steps:
- Download Python 2.7.6 here and install
- Download PIP (a python package installer) from here
- Extract, and run “python setup.py install” from within the directory. If you get an error complaining that “python” doesn't exist then you need to add C:\python27 to your system path. Give it a google for detailed instructions.
- Once that's finished just run “pip install flask”
- Go grab the vulnerable website code and then run “python vulnerable_website.py” and you are ready to roll.