Vicnum is an OWASP project consisting of multiple vulnerable web applications based on games commonly used to kill time. These applications demonstrate common web security problems such as cross site scripting, sql injections, and session management issues.
The goal of this project is to strengthen security of web applications by educating different groups (students, management, users, developers, auditors) as to what might go wrong in a web app. And of course it's OK to have a little fun.
There are currrently three applications (or challenges) in this version of Vicnum.
Guessnum, a game to guess a number the computer has picked.
Jotto, a game to guess a word the computer has picked.
And the Union Challenge which is new to version 1.5
Besides untarring the tar into the right folder and some Apache webserver tweaking, three MySQL tables will need to be created.
For general comments on the project please visit the OWASP project page.