Web Security Dojo 3.4 releases: learn and practice web application security testing
Web Security Dojo
Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learn and practice web application security testing. A preconfigured, stand-alone training environment ideal for classroom and conferences. No Internet required to use. Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want to transform their stock Ubuntu into a virtual dojo. Bow to your sensei!
- vulnerable web applications
- common web security testing tools
- popular industry web application security guidelines
- walk-throughs of several targets (no peeking ahead)
- no Internet-connect required to use
To install Dojo you first install and run VirtualBox 5 or later, then “Import Appliance” using the Dojo’s OVF file. We have PDF or YouTube for instructions for Virtualbox. The OVA should also be able to be imported and used in various VMware tools, but we do not support this directly at this time.