Web Security Dojo v1.0 released

Web Security Dojo is a turnkey web application security lab with tools,
targets, and training materials built into a Virtual Machine(VM).
It is ideal for both self-instruction and training classes since
everything is pre-configured and no external network connection is
needed. All tools and targets are configured to use non-conflicting
ports and a Firefox proxy switcher is set up to match.

Web Security Dojo is an open source project built on Ubuntu and hosted
at SourceForge. It is available in three flavors: a Virtualbox VM, VMWare VM, and a build script which can be used on a standard Ubuntu 9.10 install to produce the Dojo.

Collaboration and contributions are welcomed.

PNG - 30.3 kb

Major highlights:

  • OWASP WebGoat
  • Damn Vulnerable Web App
  • Hacme Casino
  • OWASP InsecureWebApp
  • custom PHP scripts including REST and JSON labs


  • Burp Suite (free version)[Thanks to Portswigger for permission to
  • w3af
  • OWASP Skavenger
  • OWASP Dirbuster
  • Paros
  • Webscarab
  • Ratproxy
  • sqlmap
  • helpful Firefox add-ons

For a quick start grab the VM from http://dojo.mavensecurity.com and
read the included Readme file and/or watch the intro video at

Tool Submitted by Steven Pinkham from MavenSecurity.com

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2


Related Articles

Application Scanner
Penetration testing & Ethical Hacking
Web Security Dojo