Web Security Dojo v1.2

A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo

A preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions for download. See "View all files" for VMware version.

Features -
Convenient virtual machine image (VirtualBox v3.2 or later recommended, VMware provided)

Targets include:

OWASP’s WebGoat
Google’s Gruyere
Damn Vulnerable Web App
Hacme Casino
OWASP InsecureWebApp
w3af’s test website
simple training targets by Maven Security (including REST and JSON)

Tools: (starred = new this version)

Burp Suite (free version)
w3af
sqlmap
arachni *
metasploit
Zed Attack Proxy *
OWASP Skavenger
OWASP Dirbuster
Paros
Webscarab
Ratproxy
skipfish
websecurify
davtest
J-Baah
JBroFuzz
Watobo *
RATS
helpful Firefox add-ons

What?

Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use.

Why?

The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.

Where?

Download Web Security Dojo from

Download dojo_v1.2-virtualbox.zip (1.3 GB)
http://sourceforge.net/projects/websecuritydojo/files/ .

How?

To install Dojo you first install and run VirtualBox 3.2 or later, then “Import Appliance” using the Dojo’s OVF file. We have PDF or YouTube for instructions for Virtualbox.
As of version 1.0 a VMware version is also provided, as well as video install instructions

Visit website -

http://sourceforge.net/projects/websecuritydojo/