WebMaven (better known as Buggy Bank) was an interactive learning environment for web application security. It emulated various security flaws for the user to find. This enabled users to safely and legally practice web application vulnerability assessment techniques. In addition, users could benchmark their security audit tools to ensure they performed as advertised.
Give a man an audit and he will be secure for a day. Teach a man to audit and he will be secure for the rest of his life.
– David Rhoades
The original code for WebMaven was developed by David Rhoades of Maven Security, and was released under GPL. WebMaven was the original OWASP WebGoat (v1), but has since been replaced by vastly superior code.
WebMaven has not been updated for several years, and is therefore no longer available for download at SourceForge.
We strongly recommend you try the current OWASP WebGoat or similar projects.
Our Web Security Dojo has the current OWASP WebGoat, Hacme Casino, and many other useful targets and security tools installed, and is the spiritual successor of WebMaven.
However, if for some reason you are still interested in trying WebMaven (e.g. for historical or nostalgic reasons), it can be downloaded here: webmaven101.zip (v1.01 with install and user guides).
It should work on Apache for Windows and Xitami for Windows (and possibly Xitami for UNIX). Some people have claimed to get it working on Apache for UNIX, but the exact install instructions are not documented yet.