Sunday, April 6, 2014

15 BEST WEB APPLICATION TO LEARN PENETRATION TESTING & SECURITY


1. OWASP Broken Web Application Project  (Download:  http://adf.ly/ir1Bw)

OWASP BWA, aka OWASP Broken Web Application, is a Linux virtual machine penetration testing lab and a complete collection of all the penetration testing labs listed below. You can call it an all-in-one collection; its size is 1 GB. It is one of the most recommended, popular and challenging vulnerable applications for practicing penetration testing, vulnerability hunting and exploitation.

2. DVWA (Damn Vulnerable Web Application) (Download: http://adf.ly/ir1YY)

This is one of the best-known web application penetration testing apps, used by many penetration testers to hone their penetration testing skills. DVWA contains the most common vulnerabilities and runs on PHP/MySQL. DVWA is a simple, elegant and easy vulnerable app that can be used to explain web application vulnerabilities and exploitation.

3. Mutillidae (NOWASP)  (Download: http://adf.ly/ir1nZ)

Another of the best vulnerable applications, created by the OWASP team. The best thing is that Mutillidae contains OWASP Top 10 vulnerable applications with descriptions and complete video tutorials by irongeek. Mutillidae is an advanced yet easy pentesting lab, and one of the best in my point of view. It is a free and open source web application for penetration testers to use.

4. Web-Goat (Download: http://adf.ly/ir1zP)

The only application that won’t allow you to sleep until you h*ck! This is a J2EE web application that can help you learn penetration testing on web applications. It is an OWASP project, designed very beautifully, and contains lots of advanced web attacks, vulnerabilities and exploitations.

5. Wacko-Picko (Download: http://adf.ly/VooZK)

This vulnerable web application lets you hone your skills in XSS vulnerabilities, command-line injections, SQL injections, session ID vulnerabilities, parameter manipulation, file inclusions, reflected XSS behind JavaScript, reflected XSS behind a Flash form, logic flaws, and weak usernames or passwords.

6. Exploit KB (Download: http://adf.ly/ir2li)

This is another vulnerable web application, designed to help enhance SQL injection skills. It is amongst the best-known apps in its segment. It contains vulnerabilities like SQLi and command injection, plus more advanced material.

7. OWASP Ha*kademic Challenges Project (Download: http://adf.ly/ir2lj)

Consider it a challenge and ha*k it if you can! You have to pass all the challenges and ha*k the application. This vulnerable web application provides you with 10 penetration testing scenarios to practice. As the name suggests, it is an OWASP project.

8. WAVSEP (Download: http://adf.ly/ir2lm)

One of the best penetration testing labs, containing lots of tricky vulnerable applications based on XSS, SQLi and HTTP vulnerabilities. We have also published an article on the complete installation; the complete description and tutorial can be found in that article. Thank you.

9. OWASP Bricks (Download: http://adf.ly/ir2ln)

Another dynamic, advanced vulnerable web application. OWASP Bricks is a PHP/MySQL-based vulnerable web application for security professionals and ha*kers to sharpen their vulnerability assessment skills and to learn how web vulnerabilities, flaws and bugs exist. We have already published an article on OWASP Bricks.

10. SQLol (Download: http://adf.ly/ir2lo)

One of the most advanced SQL injection vulnerable applications, which allows you to learn tricky SQL injection attacks. This web application is useful for developing your SQL injection skills. Penetration testers have to keep practicing in order to keep their skills sharp, and this is one of the best testing apps.

11. Foundstone : Hacme Bank (Download: http://adf.ly/ir2lq)

Hacme Bank is designed to teach application developers, programmers, architects and security professionals how to create secure software. Hacme Bank simulates a “real-world” web services-enabled online banking application, which was built with a number of known and common vulnerabilities. This allows users to attempt real exploits against a web application and thus learn the specifics of the issue and how best to fix it.

12. Hacme Casino (Download: http://adf.ly/ir2lr)

McAfee Foundstone Hacme Casino™ is a learning platform for secure software development and is targeted at software developers, application penetration testers, software architects, and anyone with an interest in application security.

13. LAMP Security (Download: http://adf.ly/ir2ls)

LAMPSecurity training is designed to be a series of vulnerable virtual machine images, along with complementary documentation, designed to teach Linux, Apache, PHP and MySQL security.

14. OWASP Insecure Web App Project (Download: http://adf.ly/ir2lt)

InsecureWebApp is a web application that includes common web application vulnerabilities. It is a target for automated and manual penetration testing, source code analysis, vulnerability assessments and threat modeling.

15. The BodgeIt Store (Download: http://adf.ly/ir2lu)

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing. It contains: cross-site scripting, SQL injection, hidden (but unprotected) content, cross-site request forgery, debug code, insecure object references, and application logic vulnerabilities.
