Vulnerable Client-Server Application

Vulnerable client-server application (VuCSA) is made for learning/presenting how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface).


Currently the vulnerable application contains the following challenges:

  1. Buffer Over-read (simulated)
  2. Command Execution
  3. SQL Injection
  4. Enumeration
  5. XML
  6. Horizontal Access Control
  7. Vertical Access Control

Solutions for these challenges using open-source tool PETEP can be found on the following YouTube playlist.


VuCSA can be downloaded from GitHub releases:

GitHub: VuCSA GitHub