Author Topic: Gaining experience in penetration testing/appsec  (Read 2466 times)
Chadk
« on: November 16, 2011, 05:14:02 PM »

Hey there,

So I've been pondering this question for a few days. I was wondering if anybody had any good ideas:

As somebody who's learning about information security, what is the best way to gain experience in stuff like penetration testing and general application security?

Obviously, I can't go out on the internet and start attempting to get into servers/web apps or the like. So it has to be done in a controlled environment.

But where does one find real-life targets to gain experience working against? And where does one find targets that aren't obviously flawed and "too easy", yet aren't so high-profile targets that you need to be a guru to break it?

Basically the goal is just to find a project to work on to give one experience with security. Any ideas/advice is appreciated.
3xban
« Reply #1 on: November 17, 2011, 07:49:17 AM »

Virtualization is your friend.  Build a system with some decent RAM and space.  Obtain the Virtual machine images for

Backtrack
De-ICE
Damn Vulnerable Linux
Damn Vulnerable Web App
Hackadermia
If you have an XP system run WebGoat on it.  Basically turns it into a vulnerable web server.

There are a couple decent books out there.  One of which will help you with the De-ICE labs, well not really but it utilizes them. 
 http://www.amazon.com/Professional-Penetration-Testing-Creating-Operating/dp/1597494259

Having a strong background in networking, linux and coding will help a great deal.

For some decent videos you can check out SecurityTube.com

And when all else fails - Google it! Good luck

Certs: GCWN
(@)Dewser
Chadk
« Reply #2 on: November 17, 2011, 08:24:22 AM »

As my op stated, I'm not looking for things like WebGoat, De-ICE or things like that. I've already done all that, and it only allows you to try out concepts, not apply them in a real-life situation that gives you any experience you can use anywhere else.
cd1zz
« Reply #3 on: November 17, 2011, 08:41:58 AM »

Take the Penetration Testing with Backtrack course from offsec. It's not real life, but the labs are a rich sandbox of servers that you don't have access to...but need to get access to!

eth3real
« Reply #4 on: November 17, 2011, 08:55:46 AM »

The local 2600 chapter where I live is planning on doing a Hacker Capture The Flag event (sometime in the future, could be months away), in which all of the vulnerable boxes will be run from virtual machines. I think we're going to be setting these up ourselves, and I don't see any reason why we couldn't distribute those images after they're tested. Of course, we probably wouldn't divulge what any of the vulnerabilities are, you have to find that on your own.

However, at this point, it becomes exactly like the De-ICE images, etc., so I'm not really sure that's what you're looking for.

On a side note, I feel that this is a bit harsh:

"it only allows you to try out concepts, not apply them in a real-life situation that gives you any experience you can use anywhere else."

These tools DO provide real-life situations. Some of them are a little outdated, but the idea is to first fix the outdated ones, then go on to the harder ones. For example, if DVWA has a SQL Injection vuln., fix it and go on to the next thing. You can really play both sides of these images, finding the vulnerabilities, and hardening the OS.

The other thing you can do is set up your own VM to break into. Set it up running a webserver, or other services, and have someone else change all the passwords for you. Or have a friend set up the VM for you entirely. If you don't know anybody that could help you with this, look for a local 2600 chapter, or Linux Users Group.

Also, if you are doing any kind of security related work for a company, you may be able to take an image of their webserver and test it in a virtual environment. This would allow you to scan for vulnerabilities, without worry of breaking it, because it won't be in production. This also gives you the ability to break it over and over again, using a duplicate of the original image every time you want to start from scratch.

Hope this helps, keep us posted on your findings. There are a lot of us here that would also like to do what you're wanting to do.

Put that in your pipe and grep it!
Chadk
« Reply #5 on: November 17, 2011, 09:11:16 AM »

"Take the Penetration Testing with Backtrack course from offsec. It's not real life, but the labs are a rich sandbox of servers that you don't have access to...but need to get access to!"

Will be doing that once Christmas and New Year's is over. Can't wait!