EH-Net

I just came across this program and I'm looking at playing with it to learn more and penetration testing. I searched the forum before I asked the question, and did not find any reviews or opinions on if it's worth while or not.

I don't have tons of pentesting experience and want to get certified in the future, will this help me learn the tools I need?

I have limited experience with it, but had a lab setup using it, once upon a time.  I seem to recall it was a pretty good primer to really get my web-thinking juices flowing, and I enjoyed working on it.

Whether it is or isn't the best (I haven't used it in some time, so I can't fairly rate it good or bad,) it's one more card in the deck, as far as having a good training lab goes.  Can never hurt to setup different scenarios, as even those you think you've got 'mastered' can sometimes come back to bite you, if you're complacent.

I've played with it for a little bit. I went between the dojo, webgoat and DVL. They are all good primers on the web dev security from what I remember. I'll be setting them up as soon as I get my new computer chock full of RAM for tons of VM labs lol.

Metasploit Unleashed is also a good resource:

http://www.offensive-security.com/metasploit-unleashed/ (http://www.offensive-security.com/metasploit-unleashed/)

I'm also trying to integrate Damn Vulnerable Web App into the Web Security dojo found here: http://sourceforge.net/projects/dvwa/

Try it for more web practice.

It doesn't include all the tools, but will definitely help you get started if you've no prior experience.

@secureseven
The latest version of Dojo includes DVWA.

Ah, thanks Equix3n-

Even though it doesn't have all the tools, I'm sure in your lab you can setup the web servers and use a second VM or computer with backtrack/samurai to attack it

Also, I haven't tried it, but I've seen some stuff on Multilldae(another vulnerable web app) from IronGeek I believe.