Web Security Dojo is a free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
What?
Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v9.10.
Why?
The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.
Web Security Dojo currently contains:
Targets –
- OWASP’s WebGoat v5.2
- Damn Vulnerable Web App v1.0.6
- Hacme Casino v1.0
- OWASP InsecureWebApp v1.0
- Simple training targets by Maven Security (including REST and JSON)
Tools -
- Burp Suite (free version) v1.3
- w3af cvs version
- OWASP Skavengerv0.6.2a
- OWASP Dirbuster v1.0 RC1
- Paros v3.2.13
- Webscarab v20070504-1631
- Ratproxy v1.57-beta
- sqlmap v0.7
- Helpful Firefox add-ons
You can download Web Security Dojo here:
VMWare image – dojo_v1.0-vmware.zip
VirtualBox image – dojo_v1.0-virtualbox.zip
Or read more here.
