Happy New Year!!! I am giving this blog another go-around. I still am trying to switch fields (application developer to penetration testing). Anyway, you’re not reading this post to get my current life story.
While I was away from this blog, I found the OWASP Broken Web Applications project: https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
There are different vulnerable web apps in this package. To install it, you will need VMware or VirtualBox. Once you have one of these, you can download the ISO package. If you do not know how to install an ISO into a virtual machine, look at this video for VirtualBox:
There is an assortment of vulnerable apps that vary in level of difficulty.
The training applications are:
Damn Vulnerable Web Application
OWASP ESAPI Java SwingSet Interface
Realistic, intentionally vulnerable applications:
Old (Vulnerable) versions of real applications:
I have read other websites and even written on hackernetwork.net (please create an account if you don’t have one!), and I have started with Mutillidae, using OWASP ZAP. OWASP ZAP is a proxy that can be used in between the target and the internet. You can download it here: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
You can view a YouTube video describing this at this link:
If you don’t like ZAP proxy, then you can use BurpSuite.
If you’re up for the challenge, try installing this package, and test out some of the applications. I promise it is addicting!!!