.

NEW: Coliseum Web App Security Lab

<<

Armando

User avatar

Jr. Member
Jr. Member

Posts: 93

Joined: Sun Sep 13, 2009 11:15 am

Location: Italy

Post Thu Jul 21, 2011 10:44 am

NEW: Coliseum Web App Security Lab

Hello all,
This forum has always demonstrated much interest in what we at eLearnSecurity do so I think you would be interested to know about our newest project: Coliseum Lab : http://www.coliseumlab.com

Coliseum allows you to learn web application penetration testing through 100% hands on educational challenges.

This is a framework that we have created that runs as a virtual lab on a few servers so you don't need to set up virtual machines and can instead play different techniques on different platforms (Win/Linux, MySQL/MS SQL Server/Postgre, PHP/.NET...).

You can get a demo challenge on the above link.
If you are interested to know more just reply to this thread.

Thank you :)
Founder and Lead Author of eLearnSecurity
Training for Penetration Testers
http://www.elearnsecurity.com

Founder of HACK.ME Free community based web app security virtual labs
https://hack.me
<<

rabray

Newbie
Newbie

Posts: 38

Joined: Mon Nov 01, 2010 2:41 pm

Post Fri Jul 22, 2011 2:49 pm

Re: NEW: Coliseum Web App Security Lab

My observations about gains I feel I have made from dedicated time in the labs : http://rabray.wordpress.com/2011/07/22/ ... ervations/
---------------------------------------
CEH, eCPPT, MCT, MCSA, MCDST, A+, Net+

Never been the flamin type.
<<

CharlieE

Newbie
Newbie

Posts: 2

Joined: Sun Aug 14, 2011 7:09 am

Post Mon Aug 22, 2011 5:23 pm

Re: NEW: Coliseum Web App Security Lab

I've gone through most of this now, but the last 2 labs.

I felt that it was a bit too easy. There was at no point where I really was in doubt what to do, as it was all very very obvious. I was able to complete most labs in about 30 minutes.

So unless you can't dedicate very much time to this, 1 month of access is more than sufficient given the current amount of labs. But I really hope that they extend it with more real-life-like targets, rather than just sites that say "HEY, LOOK HERE. IF YOU POINT SQLMAP AT ME, YOU WIN".

I did however appreciate the humor there was in a lot of it.

And you shouldn't go into this unless you have at least a basic idea about what websec is. If you have done a pentest before on a website and know basic XSS, SQLi, CSRF, file upload holes and those sort of things, this is not for you unless you want to prove to yourself that you know what you're doing. You'll most likely find this to be a project or a single weekend.

Return to eCPPT - eLearnSecurity Certified Professional Penetration Tester

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software