Web Security Dojo v2.0! released

A preconfigured, stand-alone training environment for Web Application Security. Virtualbox and VMware versions for download. See "View all files" for VMware version.

A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo

Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use.

The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.


 Download latest version-

 Web_Security_Dojo-2.0.ova


To install Dojo you first install and run VirtualBox 3.2 or later, then “Import Appliance” using the Dojo’s OVF file. We have PDF or YouTube for instructions for Virtualbox.
As of version 1.0 a VMware version is also provided, as well as video install instructions
Look for Dojo videos on our YouTube channel at http://www.youtube.com/user/MavenSecurity
Hack your way to fame and glory 1 with our security challenges posted at Reddit (http://www.reddit.com/r/WebSecChallenges/).
[1. Fame and glory not included; void where prohibited by law]
Feature Overview
Convenient virtual machine image
(VirtualBox v3.2 or later recommended, VMware provided)
Targets include:
  • OWASP’s WebGoat
  • Google’s Gruyere
  • Damn Vulnerable Web App
  • Hacme Casino
  • OWASP InsecureWebApp
  • w3af’s test website
  • simple training targets by Maven Security (including REST and JSON)
Tools: (starred = new this version)
  • Burp Suite (free version)
  • w3af
  • sqlmap
  • arachni *
  • metasploit
  • Zed Attack Proxy *
  • OWASP Skavenger
  • OWASP Dirbuster
  • Paros
  • Webscarab
  • Ratproxy
  • skipfish
  • websecurify
  • davtest
  • J-Baah
  • JBroFuzz
  • Watobo *
  • RATS
  • helpful Firefox add-ons
Web Security Dojo 2.0 change log -

Added:
  • WAVSEP
  • BeEF
  • rsnake XSS v2 beta cheatsheet (redistributed with permission)
  • html5sec cheatsheet
Updates:
  • xubuntu 12.04
  • Arachni
  • Skipfish
  • burp free (redistributed with permission)
  • ZAP
  • sqlmap
  • watobo
  • metasploit upgrade, BeEF integration and database enabled
  • browser plugins
  • switched to system tomcat
  • switched to openjdk
Visit website -
Previous post regarding web security dojo -
http://santoshdudhade.blogspot.in/2012/07/web-security-dojo.html