.NET Security Lab is an intentionally vulnerable ASP.NET web application designed to help application security specialists gain experience working with .NET applications.
Labs:
- Serialization
- Based on examples from Friday the 13th: JSON Attacks
- Xml Parsing
- Get XXE using built in .NET classes.
- Xslt
- Get file system access, SSRF, and even RCE through the execution of user controlled XSLT in various XSLT processors.
See the wiki for more information.