I was just wondering if there are already deliberately vulnerable OpenStack images for penetration testing/training or research. Something in line with OWASP's DVWA, etc. There are quite a lot out there for web applications especially. I am doing research and will be very glad if someone already has something like that or can possibly direct me to the right place. The similar projects as mentioned here differ from what I am seeking. While most of the existing solutions focus on Linux distributions and web applications, OpenStack is composed of several cloud services which could have several types of vulnerabilities. Moreover, OpenStack could be installed standalone via Ironic. Many thanks!

SyCode
  • Possible duplicate of [Vulnerable OS's?](http://security.stackexchange.com/questions/183/vulnerable-oss) – HamZa Apr 08 '16 at 10:30
  • I don't think this is a dupe of [Vulnerable OS's?](https://security.stackexchange.com/q/183/61443) because that one is specifically about the OS, and this is specifically about the application stack. – Mike Ounsworth Apr 08 '16 at 12:57
  • @Mike, I agree with you. OpenStack is a large stack composed of several services. Installing OpenStack on a vulnerable Linux OS, e.g. from one of the lists, doesn't solve the problem. A possible approach is an OpenStack installation on which all the security updates/patches have been stripped off... It's about having OpenStack-specific vulnerabilities. – SyCode Apr 08 '16 at 13:02

1 Answer

After searching across the internet, it seems there are really no "ready-made" vulnerable OpenStack images similar to web applications like OWASP DVWA. However, I think a starting point is to install old OpenStack releases and also install some vulnerable software on them. I have found an Icehouse easy install here. I would like to start working on this. Anyone interested in this topic is welcome.

SyCode