Learning and practicing ethical hacking is often difficult because it requires a fair amount of background work: setting up a proper lab, installing all the required software versions, and so on. But things have changed, and I'm very happy to share what I've just discovered: the OWASP Broken Web Applications Project, which aims to provide a complete testing environment packed into a self-contained VMware machine.
The nice folks at owaspbwa have managed to set up quite a few web platforms and applications so that we, the users, can skip the tedious setup part and jump right into web security hacking. I will quote the developers on the contents of this VMware machine:
This VM has two web servers running. One Apache server on port 80 and one Tomcat server on port 8080. The following vulnerable web applications are running on the VM (listed in no particular order).
Intentionally Vulnerable Applications:
- OWASP WebGoat version 5.3-SNAPSHOT (Java, use username=guest, password=guest, home page)
- OWASP Vicnum (Perl, home page)
- Mutillidae version 1.3 (PHP, home page)
- Damn Vulnerable Web Application version 1.06 (PHP, use username=admin, password=password, home page)
- OWASP CSRFGuard Test Application version 2.2 (Java, home page)
- Mandiant Struts Forms (Java/Struts)
- Simple ASP.NET Forms (ASP.NET/C#)
Old Versions of Real Applications:
- WordPress version 2.0.0 (PHP, released December 31, 2005, home page)
- phpBB version 2.0.0 (PHP, released April 4, 2002, home page)
- Yazd version 1.0 (Java, released February 20, 2002, home page)
You can find out all about this wonderful project on the OWASPBWA Google Code page. Thanks to all who developed it!
This entry was posted on Tuesday, February 9th, 2010.