Java EE Security
This repository contains several Java EE web applications covering different security topics. Have a look at the slides from various events covering the applications in this repository. The Java Web Security Workshop talks about some of these applications in much greater detail.
Web Applications in Detail
Using Mozilla Firefox as the browser is strongly recommended.
FerrisWheelManager
Ferris Wheel Manager is a Java EE 7 demo application containing security vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS). It requires a datasource named jdbc/fwm, which must contain the tables and data provided by the SQL scripts in the Resources project. Valid usernames/passwords are Marvin/wheel (role Manager) and Zaphod/ferris (role User). This web application was tested with Java Enterprise Edition 7, GlassFish 4 and MySQL 5.6.