• maven (noun):
  • a trusted expert who seeks to pass knowledge on to others

Dojo

The premier environment for web security training and self-assessment

Web Security Dojo

A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo




What?

Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v9.10.

Why?

The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.

Where?

Download Web Security Dojo from
http://sourceforge.net/projects/websecuritydojo/files/

How?

To install Dojo, first install and run VirtualBox, then use “Import Appliance” with the Dojo’s OVF file.
See the PDF or YouTube instructions. As of version 1.0 a VMware version is also provided.

Who?

Sponsored by Maven Security Consulting Inc
(performing web app security testing & training since 1996).
It could also be you! Web Security Dojo is an open source and fully transparent project, with public build scripts and bug trackers on SourceForge.

Feature Overview

Convenient virtual machine image
(VirtualBox recommended, VMware provided)
Targets include:

  • OWASP’s WebGoat
  • Damn Vulnerable Web App
  • Hacme Casino
  • OWASP InsecureWebApp
  • simple training targets by Maven Security (including REST and JSON)

Tools:

  • Burp Suite (free version)
  • w3af
  • OWASP Skavenger
  • OWASP Dirbuster
  • Paros
  • Webscarab
  • Ratproxy
  • sqlmap
  • helpful Firefox add-ons