ARTICLE Web Security Dojo v1.0 released

Saturday 27 February 2010 (Keywords: Application Scanner, LiveCD, Penetration testing & Ethical Hacking, Web Security Dojo)

Web Security Dojo is a turnkey web application security lab with tools, targets, and training materials built into a Virtual Machine (VM). It is ideal for both self-instruction and training classes since everything is pre-configured and no external network connection is needed. All tools and targets are configured to use non-conflicting ports, and a Firefox proxy switcher is set up to match.

Web Security Dojo is an open source project built on Ubuntu and hosted at SourceForge. It is available in three flavors: a VirtualBox VM, a VMware VM, and a build script which can be used on a standard Ubuntu 9.10 install to produce the Dojo.

Collaboration and contributions are welcomed.

Major highlights:

Targets:
- OWASP WebGoat
- Damn Vulnerable Web App
- Hacme Casino
- OWASP InsecureWebApp
- custom PHP scripts including REST and JSON labs

Tools:
- Burp Suite (free version) [Thanks to PortSwigger for permission to redistribute]
- w3af
- OWASP Skavenger
- OWASP DirBuster
- Paros
- WebScarab
- Ratproxy
- sqlmap
- helpful Firefox add-ons

For a quick start grab the VM from http://dojo.mavensecurity.com and read the included Readme file and/or watch the intro video at http://www.youtube.com/watch?v=lum6bSsyJ38.

Tool Submitted by Steven Pinkham from MavenSecurity.com


COMPLIANCE MANDATES

Application Scanner : PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2
Penetration testing & Ethical Hacking : PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

