Wavsep, the Web Application Vulnerability Scanner Evaluation Project is a vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners.
This version is now integrated with ZAP-WAVE and a *database schema installer* and has been implemented using JEE, mostly composed out of JSP pages. 16 new test cases and passive exposures such as: information disclosure, antiCSRF tokens, secret vectors, insert statements, etc. have been added! Wavsep has been tested on tomcat 6.0.x, alongside MySQL 5.5.x and has been developed using Eclipse 3.6.x (*helios*).