To know how attacker can hack a website is not easy and simple, you need to learn and a lot of practice to become web application security tester. Because there are many method to exploit a web application, but don’t worry there is a open source environment called “ Web Security Dojo ” to help you learn and practice some techniques to hack web application, and if you can master Web Security Dojo, your chance to successfully hack a web application is bigger.
The Web Security Dojo is a virtual machine that provides the tools, targets, and documentation to learning and practicing web application security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.
Ideal for those interested in getting hands-on practice for ethical hacking, penetration testing, bug bounties, and capture the flag (CTF). A single OVA file will import into VirtualBox and VMware. There is also an Ansible script for those brave souls that want to transform their stock Ubuntu into a virtual dojo.
- Vulnerable web applications
- Common web security testing tools
- Popular industry web application security guidelines
- Walk-throughs of several targets (no peeking ahead)
- No Internet-connect required to use
To install Web Security Dojo first you need to install VirtualBox or VMWare in your computer. And then follow the instructions bellow:
- Download latest Dojo (VirtualBox version) from here
- Unzip that file if needed.
- Run VirtualBox, and select File>Import Appliance
- Click “Choose”, find .ova file from step #2, and click “Open”, then “Next” and “Import”.
- The import process will take a few minutes.
- After complete, select the new machine and click the green Start arrow to boot it.
- User name dojo, password dojo (needed for system updates)