Web Security Dojo | Open Source Environment To Learn & Practice Web Application Security Testing


To know how attacker can hack a website is not easy and simple, you need to learn and a lot of practice to become web application security tester. Because there are many method to exploit a web application, but don’t worry there is a open source environment called “ Web Security Dojo ” to help you learn and practice some techniques to hack web application, and if you can master Web Security Dojo, your chance to successfully hack a web application is bigger.


The Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learning and practicing web application security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.

Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want to transform their stock Ubuntu into a virtual dojo.


  • Vulnerable web applications
  • Common web security testing tools
  • Popular industry web application security guidelines
  • Walk-throughs of several targets (no peeking ahead)
  • No Internet-connect required to use


To install Web Security Dojo first you need to install VirtualBox or VMWare in your computer. And then follow the instructions bellow:

  • Download latest Dojo (VirtualBox version) from here
  • Unzip that file if needed.
  • Run VirtualBox, and select File>Import Appliance
  • Click “Choose”, find .ova file from step #2, and click “Open”, then “Next” and “Import”.
  • The import process will take a few minutes.
  • After complete, select the new machine and click the green Start arrow to boot it.
  • User name dojo, password dojo (needed for system updates)

We have PDF or YouTube for instructions for Virtualbox. The OVA should also be able to be imported and used in various VMware tools, but we do not support this directly at this time.

Download Web Dojo