Maven Security Consulting Inc

maven (noun): a trusted expert who seeks to pass knowledge on to others

Overview

Web Application Test

Training

Web Security Dojo

A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo

What?

Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v9.10.

Why?

The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started - tools, targets, and documentation.

Where?

Download Web Security Dojo from
http://sourceforge.net/projects/websecuritydojo/files/.

How?

To install Dojo you can install and run VirtualBox, then "Import Appliance" using the Dojo's OVF file.
Go here for Virtual Box instructions. As of version 1.0 a VMware version is also provided.

Who?

Sponsored by Maven Security Consulting Inc
(performing web app security testing & training since 1996).

Current Features (v1.0)

Convenient virtual machine image
(VirtualBox recommended, VMware provided)

Targets include:

OWASP's WebGoat v5.2
Damn Vulnerable Web App v1.0.6
Hacme Casino v1.0
OWASP InsecureWebApp v1.0
simple training targets by Maven Security (including REST and JSON)

Tools:

	Upcoming Features
	More tutorials and documentation, including video tutorials ISO release of live CD version, for direct install to hard drive More targets More tools Enhancements/contributions to existing tools and targets Debian packages for existing tools and targets to enhance VM creation and collaboration with other projects. More detailed future changes on SourceForge in the feature request and bug trackers

Announcements
	Check out our YouTube channel for videos about Web Security Dojo (more videos coming soon).
	Current version of Web Security Dojo is v1.0, released Feb. 21, 2010.
	Web Security Dojo v0.4 was released Feb. 2, 2010.
	Web Security Dojo v0.3 was released Jan. 27, 2010.
	Web Security Dojo v0.2 was released Nov. 4, 2009.
	Public debut of v0.1 on Nov. 3, 2009 at USENIX LISA 2009 conference in Baltimore, Maryland.

	The project needs contributors! Get involved.