As part of the exercises for my 50.020 Security class, we needed a simple setup to test XSS, SQL injection, and command injection attacks. Instead of using solutions such as the standard OWASP webserver, this year I decided to write my own minimal application (using Python/Flask) which I called YAVW. Using Flask resulted in a very small codebase, which should be easier to understand for students. In case this is useful for others, I made it public here.

Nils Ole Tippenhauer
Nils Ole Tippenhauer

I am interested in information security aspects of practical systems. In particular, I am currently working on security of industrial control systems and the Industrial Internet of Things.