You ever wondered how breaking into computers feels? According to TV . . .
Many people finish university with a degree and all the foundations required to become great security engineers. Whether you want to start a career as a penetration tester, you are a developer who wants to learn more about security, or you are simply curious, you should try some of the following. Below is a selection of projects that provide deliberately vulnerable applications to demonstrate security vulnerabilities that are common in the wild, usually in their simplest form, which makes them easy to find and a practical way to learn.
1. Webgoat
After OWASP WebGoat 5.0, the newly released version offers a more user-friendly interface and an almost complete selection of security topics in web application secure coding. In addition, no installation is required: the code is packaged as a .jar file and can be run directly with Java.
Vulnerabilities: OWASP Top 10
Tips: Yes
Solutions: No
Project: owasp.org/index.php/Category:OWASP_WebGoat_Project
Format: .jar
Download: github.com/WebGoat/WebGoat-Legacy/releases
Quick Start:
java -jar WebGoat-6.1.0-exec-war.jar
2. Damn Vulnerable Web Applications (DVWA)
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to aid teachers/students to teach/learn web application security in a classroom environment.
Vulnerabilities: OWASP Top 10
Tips: Yes
Solutions: No
Project: owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project
Format: PHP/SQL
Download: github.com/RandomStorm/DVWA
Quick Start:
The easiest way to install DVWA is to download and install 'XAMPP' if you do not already have a web server set up. XAMPP can be downloaded from: www.apachefriends.org/en/xampp.html Simply unzip dvwa.zip, place the unzipped files in your public html folder, then point your browser to http://127.0.0.1/dvwa/index.php
3. OWASP Bricks
Bricks is a web application security learning platform built on PHP and MySQL. The project focuses on variations of commonly seen application security issues. Each ‘Brick’ has some sort of security issue which can be leveraged manually or using automated software tools. The mission is to ‘Break the Bricks’ and thus learn the various aspects of web application security. Bricks is a completely free and open source project brought to you by OWASP.
Vulnerabilities: OWASP Top 10
Tips: Yes
Solutions: No
Download: http://sourceforge.net/projects/owaspbricks/files/Tuivai%20-%202.2/OWASP%20Bricks%20-%20Tuivai.zip/download
Project: sechow.com/bricks/index.html
Quick Start:
1. Copy this folder into the www directory and start the server.
2. Create a new database for Bricks: click on the PHPMyAdmin button or go to http://<your_ip>/mysql/ in a browser. Any name can be used for the database, for example: bricks. Fill in the name and click on the Create button.
3. Go to http://<your_ip>/bricks/ in a browser. Bricks will redirect automatically to http://<your_ip>/bricks/config/.
4. Fill in the configuration details:
Database username: root
Database password: root in uWAMP; keep it blank in the case of XAMPP
Database name: bricks
Database host: localhost
Show executed commands: checked by default
5. Click on the Submit button and a file, LocalSettings.php, will be downloaded. Place this file in the www directory.
6. Refresh the http://<your_ip>/bricks/config/ page and click on Setup/reset database.
7. Installation finished. Bricks will be ready at http://<your_ip>/bricks/
Hack.me | http://hack.me
XSS Game by Google | https://xss-game.appspot.com
Cenzic Bank | http://crackme.cenzic.com
However, for those who want to sharpen their knowledge, here is a list of noticeable projects in different areas. I kept those that have been updated recently and relate to web application security. In the future I will post another list for web application services and infrastructure testing environments. Please feel free to add any comments, suggestions or corrections below. . .