Web Security Dojo v0.2 released

An open source, self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. It is intended for learning and practicing web app security testing techniques. It does not need a network connection since it contains tools, targets, and documentation, which makes it ideal for training classes and conferences.

To install Dojo, install and run VirtualBox, then "Import Appliance" using the OVF file. Other virtual machine packages (VMware, etc.) will probably also work (can someone contribute docs?). Go here for VirtualBox instructions.

Targets include:

  • OWASP’s WebGoat v5.2
  • Damn Vulnerable Web App v1.0.6
  • Hacme Casino v1.0
  • OWASP InsecureWebApp v1.0
  • simple stand-alone PHP scripts by Maven Security (including REST and JSON)

Tools:

  • Burp Suite (free version) v1.2.01
  • w3af v1.1
  • OWASP Skavenger v0.6.2a
  • OWASP Dirbuster v1.0 RC1
  • Paros v3.2.13
  • Ratproxy v1.57-beta
  • sqlmap v0.7
  • helpful Firefox add-ons

Tool Submitted by Steven Pinkham from MavenSecurity.com