
OWASP Broken Web Applications

Happy New Year!!! I am giving this blog another go-around. I am still trying to switch fields (application developer to penetration testing). Anyway, you’re not reading this post to get my current life story.

While I was away from this blog, I found the OWASP Broken Web Applications project: https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

This package bundles a number of deliberately vulnerable web apps. To install it, you will need VMware or VirtualBox. Once you have one of those, you can download the ISO package. If you do not know how to install an ISO into a virtual machine, see this video for VirtualBox:

The apps vary in level of difficulty.

The training applications are:

OWASP WebGoat

OWASP WebGoat.Net

Mutillidae

Ghost

Damn Vulnerable Web Application

OWASP ESAPI Java SwingSet Interface

Realistic, intentionally vulnerable applications:

OWASP Vicnum

Peruggia

Hackxor

BodgeIt

WackoPicko

Google Gruyere

Old (Vulnerable) versions of real applications:

WordPress

OrangeHRM

GetBoo

GTD-PHP

Yazd

WebCalendar

Gallery2

Tiki Wiki

Joomla

AWStats

I have read other websites and have even written on hackernetwork.net (please create an account if you don’t have one!), and I have started with Mutillidae, using OWASP ZAP. OWASP ZAP is an intercepting proxy that sits between your browser and the target application, so every request and response passes through it. You can download it here: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

You can view a YouTube video describing this at this link:

If you don’t like ZAP, you can use Burp Suite instead.
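To make concrete what an intercepting proxy such as ZAP or Burp Suite does, here is an added example (my own illustration, not code from the original post, from ZAP or from Burp): a minimal HTTP proxy in Python that records every request a client sends through it and forwards it to the real target, plus a constructed stand-in target server so the whole thing runs offline against loopback. The host, ports and the sample path `/index.php?page=login.php` are constructed for the demonstration and are not specific to any app in the package.

```python
"""Added example: a minimal intercepting HTTP proxy in the spirit of ZAP or Burp.

A browser configured to use a proxy sends each request to the proxy with the
absolute URL in the request line; the proxy records it, forwards it to the real
target, and relays the response back. FakeTarget is a constructed stand-in.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

# Every request that passed through the proxy: (method, target host:port, path).
intercepted = []

# Hop-by-hop headers that must not be relayed from one connection to the other.
HOP_BY_HOP = {"connection", "proxy-connection", "keep-alive", "transfer-encoding"}


class InterceptingProxy(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"

    def log_message(self, fmt, *args):  # keep the demo quiet on stderr
        pass

    def do_GET(self):
        self._forward("GET")

    def do_POST(self):
        self._forward("POST")

    def _forward(self, method):
        parts = urlsplit(self.path)
        if not parts.netloc:  # a proxy expects "GET http://host/path", not "GET /path"
            self.send_error(400, "proxy expects an absolute URL")
            return
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length) if length else None
        intercepted.append((method, parts.netloc, parts.path or "/"))

        # Rebuild the request for the target: its own Host header, no hop-by-hop headers.
        headers = {k: v for k, v in self.headers.items()
                   if k.lower() not in HOP_BY_HOP | {"host"}}
        headers["Host"] = parts.netloc
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=5)
        try:
            conn.request(method, path, body=body, headers=headers)
            resp = conn.getresponse()
            data = resp.read()
            status, reason, resp_headers = resp.status, resp.reason, resp.getheaders()
        except OSError as exc:
            self.send_error(502, f"target unreachable: {exc}")
            return
        finally:
            conn.close()

        # Relay the response; Content-Length is recomputed from the bytes we hold.
        self.send_response(status, reason)
        for k, v in resp_headers:
            if k.lower() not in HOP_BY_HOP | {"content-length"}:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


class FakeTarget(BaseHTTPRequestHandler):
    """Constructed stand-in for a vulnerable web app: echoes the path it received."""

    def log_message(self, fmt, *args):
        pass

    def do_GET(self):
        data = ("target saw " + self.path).encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


def serve(handler):
    """Start a handler on a free loopback port in a background thread."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_via_proxy(proxy_port, url):
    """Do what a proxy-configured browser does: connect to the proxy, send the absolute URL."""
    conn = http.client.HTTPConnection("127.0.0.1", proxy_port, timeout=5)
    try:
        conn.request("GET", url)
        resp = conn.getresponse()
        return resp.status, resp.read().decode()
    finally:
        conn.close()


def demo():
    """Run target and proxy, send one request through, return (status, body, log)."""
    intercepted.clear()
    target, proxy = serve(FakeTarget), serve(InterceptingProxy)
    try:
        url = f"http://127.0.0.1:{target.server_address[1]}/index.php?page=login.php"
        status, body = fetch_via_proxy(proxy.server_address[1], url)
    finally:
        for s in (proxy, target):
            s.shutdown()
            s.server_close()
    return status, body, list(intercepted)


if __name__ == "__main__":
    print(demo())
```

Running the file prints the target's reply together with the proxy's log of what went through it. Real tools do the same thing with a GUI on top (plus TLS interception, request editing and replay); the point of the demo is that the client talks only to the proxy and the target only to the proxy, which is why everything becomes visible and editable in between.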

If you’re up for the challenge, try installing this package and test out some of the applications. I promise it is addictive!!!
