Web Security Dojo - Training Environment for Web Application Security Penetration Testing
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
What?
Various web application security testing tools and vulnerable web
applications were added to a clean install of Ubuntu v10.04.2, which is
patched with the appropriate updates and VM additions for easy use.
Why?
The Web Security Dojo is for learning and practicing web app security
testing techniques. It is ideal for self-teaching and skill assessment,
as well as training classes and conferences since it does not need a
network connection. The Dojo contains everything needed to get started –
tools, targets, and documentation.
Feature Overview
Targets include:
- OWASP’s WebGoat
- Google’s Gruyere
- Damn Vulnerable Web App
- Hacme Casino
- OWASP InsecureWebApp
- w3af’s test website
- simple training targets by Maven Security (including REST and JSON)
Tools: (starred = new this version)
- Burp Suite (free version)
- w3af
- sqlmap
- arachni *
- metasploit
- Zed Attack Proxy *
- OWASP Skavenger
- OWASP Dirbuster
- Paros
- Webscarab
- Ratproxy
- skipfish
- websecurify
- davtest
- J-Baah
- JBroFuzz
- Watobo *
- RATS
- helpful Firefox add-ons
Web Security Dojo - Training Environment for Web Application Security Penetration Testing
Reviewed by Zion3R
on
3:30 PM
Rating: