Web Security Dojo is a preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions for download. See “View all files” for VMware version.
Features:
- Ethical hacking sandbox
- Pre-configured vulnerable targets
- Common web hacking tools
- Training materials and user guides for some targets
What is Web Security Dojo?
Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use.
The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.
- OWASP’s WebGoat
- Google’s Gruyere
- Damn Vulnerable Web App
- Hacme Casino
- OWASP InsecureWebApp
- w3af’s test website
- simple training targets by Maven Security (including REST and JSON)
- Burp Suite (free version)
- w3af
- sqlmap
- arachni *
- metasploit
- Zed Attack Proxy *
- OWASP Skavenger
- OWASP Dirbuster
- Paros
- Webscarab
- Ratproxy
- skipfish
- websecurify
- davtest
- J-Baah
- JBroFuzz
- Watobo *
- RATS
- helpful Firefox add-ons
You can Download Web Security Dojo from http://sourceforge.net/projects/websecuritydojo/files/