ARTICLE Web Security Dojo v0.2 released

Sunday 8 November 2009 - 1346 read - (Keywords: Application Scanner, Attack, LiveCD, Local auditing, Web Security Dojo)

Web Security Dojo is an open source, self-contained training environment for web application security penetration testing. Tools + Targets = Dojo. It is meant for learning and practicing web app security testing techniques. It does not need a network connection, since it contains tools, targets, and documentation, which makes it ideal for training classes and conferences.

To install Dojo, install and run VirtualBox, then use "Import Appliance" with the OVF file. Other virtual machine packages (VMware, etc.) will probably also work (can someone contribute docs?). Go here for VirtualBox instructions.

Targets include:
- OWASP’s WebGoat v5.2
- Damn Vulnerable Web App v1.0.6
- Hacme Casino v1.0
- OWASP InsecureWebApp v1.0
- simple stand-alone PHP scripts by Maven Security (including REST and JSON)

Tools:
- Burp Suite (free version) v1.2.01
- w3af v1.1
- OWASP Skavenger v0.6.2a
- OWASP Dirbuster v1.0 RC1
- Paros v3.2.13
- Ratproxy v1.57-beta
- sqlmap v0.7
- helpful Firefox add-ons

Tool Submitted by Steven Pinkham from MavenSecurity.com


COMPLIANCE MANDATES

Application Scanner : PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

