<p>The idea of creating web applications with intentional vulnerabilities is nothing new. It seems that everyone created at least one such application around the turn of the millennium. The problem is, most of those applications haven't been updated since then. In addition to being dated, these applications are largely closed source, can be complicated to set up, and often conflict with one another. In an effort to address these issues, this talk will describe the release of a new, completely free, virtual machine running a variety of open source, vulnerable web applications. This virtual machine is ideally suited for use as both a training environment and as a testbed for experimenting with web application and source code analysis tools and techniques.</p>
<p>Doug Wilson started into formal IT work at a web hosting startup in 1999, and has been "the security guy" everywhere he's been employed since then. Doug firmly believes that Washington DC should have the best security community in the US, if not the planet. To that end, he is the coordinator of the monthly CapSec DC happy hour, co-chair of OWASP DC, and was one of the organizers of the AppSec DC 2009 Conference. When not volunteering for far too many things, Doug works as a Principal Consultant for MANDIANT finding evil and solving crime.</p>