NEW: Coliseum Web App Security Lab

[Armando]

Hello all,
This forum has always demonstrated much interest in what we at eLearnSecurity do so I think you would be interested to know about our newest project: Coliseum Lab : http://www.coliseumlab.com

Coliseum allows you to learn web application penetration testing through 100% hands on educational challenges.

This is a framework that we have created that runs as a virtual lab on a few servers so you don't need to set up virtual machines and can instead play different techniques on different platforms (Win/Linux, MySQL/MS SQL Server/Postgre, PHP/.NET...).

You can get a demo challenge on the above link.
If you are interested to know more just reply to this thread.

Thank you

[rabray]

My observations about gains I feel I have made from dedicated time in the labs : http://rabray.wordpress.com/2011/07/22/coliseumlab-observations/

[CharlieE]

I've gone through most of this now, but the last 2 labs.

I felt that it was a bit too easy. There was at no point where I really was in doubt what to do, as it was all very very obvious. I was able to complete most labs in about 30 minutes.

So unless you can't dedicate very much time to this, 1 month of access is more than sufficient given the current amount of labs. But I really hope that they extend it with more real-life-like targets, rather than just sites that say "HEY, LOOK HERE. IF YOU POINT SQLMAP AT ME, YOU WIN".

I did however appreciate the humor there was in a lot of it.

And you shouldn't go into this unless you have at least a basic idea about what websec is. If you have done a pentest before on a website and know basic XSS, SQLi, CSRF, file upload holes and those sort of things, this is not for you unless you want to prove to yourself that you know what you're doing. You'll most likely find this to be a project or a single weekend.