Web Security Dojo is a turnkey web application security lab with tools, targets, and training materials built into a virtual machine (VM). It is ideal for both self-instruction and training classes, since everything is pre-configured and no external network connection is needed. All tools and targets are configured to use non-conflicting ports, and a Firefox proxy switcher is set up to match.
Web Security Dojo v1.0 is now available for free at
http://dojo.mavensecurity.com [3]
Web Security Dojo is an open source project built on Ubuntu and hosted at SourceForge. It is available in three flavors: a VirtualBox VM, a VMware VM, and a build script that can be run on a standard Ubuntu 9.10 install to produce the Dojo.
Collaboration and contributions are welcomed.
Major highlights:
Targets:
* OWASP WebGoat [4]
* Damn Vulnerable Web App [5]
* Hacme Casino [6]
* OWASP InsecureWebApp [7]
* custom PHP scripts including REST and JSON labs
Tools:
* Burp Suite (free version) [8] [Thanks to Portswigger for permission to redistribute]
* w3af cvs version [9]
* OWASP Skavenger [10]
* OWASP Dirbuster [11]
* Paros [12]
* Webscarab [13]
* Ratproxy [14]
* sqlmap [15]
* helpful Firefox add-ons
For a quick start, grab the VM from http://dojo.mavensecurity.com [3] and read the included Readme file and/or watch the intro video at http://www.youtube.com/watch?v=lum6bSsyJ38 [16]