.

Web Security Dojo - Recommended?

<<

clanggedin

Newbie
Newbie

Posts: 17

Joined: Thu May 27, 2010 12:51 pm

Post Tue Jun 01, 2010 1:46 pm

Web Security Dojo - Recommended?

I just came across this program and I'm looking at playing with it to learn more and penetration testing. I searched the forum before I asked the question, and did not find any reviews or opinions on if it's worth while or not.

I don't have tons of pentesting experience and want to get certified in the future, will this help me learn the tools I need?
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Jun 01, 2010 2:52 pm

Re: Web Security Dojo - Recommended?

I have limited experience with it, but had a lab setup using it, once upon a time.  I seem to recall it was a pretty good primer to really get my web-thinking juices flowing, and I enjoyed working on it.

Whether it is or isn't the best (I haven't used it in some time, so I can't fairly rate it good or bad,) it's one more card in the deck, as far as having a good training lab goes.  Can never hurt to setup different scenarios, as even those you think you've got 'mastered' can sometimes come back to bite you, if you're complacent.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

secureseve

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Thu Apr 08, 2010 10:40 pm

Location: DMZ

Post Tue Jun 01, 2010 3:06 pm

Re: Web Security Dojo - Recommended?

I've played with it for a little bit. I went between the dojo, webgoat and DVL. They are all good primers on the web dev security from what I remember. I'll be setting them up as soon as I get my new computer chock full of RAM for tons of VM labs lol.
http://twitter.com/mikesantillana
eLearnSecurity Team Member.
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Thu Jun 03, 2010 11:40 am

Re: Web Security Dojo - Recommended?

Metasploit Unleashed is also a good resource:

http://www.offensive-security.com/metasploit-unleashed/
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

secureseve

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Thu Apr 08, 2010 10:40 pm

Location: DMZ

Post Thu Jun 03, 2010 11:59 am

Re: Web Security Dojo - Recommended?

I'm also trying to integrate Damn Vulnerable Web App into the Web Security dojo found here: http://sourceforge.net/projects/dvwa/

Try it for more web practice.
http://twitter.com/mikesantillana
eLearnSecurity Team Member.
<<

Xen

User avatar

Sr. Member
Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Thu Jun 03, 2010 1:29 pm

Re: Web Security Dojo - Recommended?

It doesn't include all the tools, but will definitely help you get started if you've no prior experience.

@secureseven
The latest version of Dojo includes DVWA.
<<

secureseve

User avatar

Jr. Member
Jr. Member

Posts: 79

Joined: Thu Apr 08, 2010 10:40 pm

Location: DMZ

Post Thu Jun 03, 2010 3:10 pm

Re: Web Security Dojo - Recommended?

Ah, thanks Equix3n-

Even though it doesn't have all the tools, I'm sure in your lab you can setup the web servers and use a second VM or computer with backtrack/samurai to attack it

Also, I haven't tried it, but I've seen some stuff on Multilldae(another vulnerable web app) from IronGeek I believe.
http://twitter.com/mikesantillana
eLearnSecurity Team Member.

Return to Opinions

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software