[WEB SECURITY] Web Security Dojo v1.0 release

Steve Pinkham steve.pinkham at gmail.com
Thu Feb 25 12:54:01 EST 2010


Web Security Dojo v1.0 is now available for free at
http://dojo.mavensecurity.com

Web Security Dojo is a turnkey web application security lab with tools,
targets, and training materials built into a Virtual Machine(VM).
It is ideal for both self-instruction and training classes since
everything is pre-configured and no external network connection is
needed.  All tools and targets are configured to use non-conflicting
ports and a Firefox proxy switcher is set up to match.

Web Security Dojo is an open source project built on Ubuntu and hosted
at SourceForge.  It is available in three flavors: a Virtualbox VM, 
VMWare VM, and a build script which can be used on a standard Ubuntu 
9.10 install to produce the Dojo.
Collaboration and contributions are welcomed.

Major highlights:
Targets:
     * OWASP WebGoat
     * Damn Vulnerable Web App
     * Hacme Casino
     * OWASP InsecureWebApp
     * custom PHP scripts including REST and JSON labs

Tools:
     * Burp Suite (free version)[Thanks to Portswigger for permission to
redistribute]
     * w3af
     * OWASP Skavenger
     * OWASP Dirbuster
     * Paros
     * Webscarab
     * Ratproxy
     * sqlmap
     * helpful Firefox add-ons

For a quick start grab the VM from http://dojo.mavensecurity.com and
read the included Readme file and/or watch the intro video at
http://www.youtube.com/watch?v=lum6bSsyJ38.

-- 
  | Steven Pinkham, Security Researcher    |
  | http://www.mavensecurity.com           |
  | GPG public key ID CD31CAFB             |


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA



More information about the websecurity mailing list