This post originated from an RSS feed registered with .NET Buzz
by Robert Hurlbut.
Original Post: Hacking the Hacme Bank
Feed Title: Robert Hurlbut's .Net Blog
Both Dominick Baer and Anil John are pointing to Foundstone's new sample web application (written in ASP.NET and C#) that demonstrates common security vulnerabilities and helps developers create secure software.
From Foundstone's site:
"Hacme Bank™ is designed to teach application developers, programmers, architects and security professionals how to create secure software. Hacme Bank simulates a "real-world" online banking application, which was built with a number of known and common vulnerabilities such as SQL injection and cross-site scripting. This allows users to attempt real exploits against a web application and thus learn the specifics of the issue and how best to fix it. Foundstone uses this application extensively in our Ultimate Web Hacking and Building Secure Software training classes."
Get more information here (the application and a User and Solutions Guide).