OWASP Practice: Learn and Play from Scratch
OWASP Practice is a virtual environment to help people who want to begin their journey into web application security. Lots of material including videos are available on the Internet, both for free and for a fee, that teach web application security in a good manner. But this project has been started for the sole purpose of helping people to understand the basics behind vulnerability and gradually moving forward. OWASP Practice contains a learning environment which helps us to understand why and how vulnerabilities are triggered. This project or any other project alone cannot help anyone master everything. It just our contribution to the community. We were all beginners in this field at some point of time, and still we are in a continuous learning phase. We hope this project helps the community.
Coming back to "OWASP Practice", OWASP released a list of top 10 vulnerabilities. "OWASP Top 10 Web Application Vulnerabilities 2013" is one of the most popular projects by OWASP. The project starts with explaining every vulnerability in as easy words as possible, along with vulnerable demo applications and videos demonstrating the vulnerability in action.
11 courses, 8+ hours of training
OWASP Practice has been built with the OWASP Top 10 Web Application Vulnerabilities in mind. It is a virtual machine which hosts custom web applications which are vulnerable to OWASP Top 10 vulnerabilities. Every vulnerability has one or more practice lessons associated with it which can be used to exploit and trigger the vulnerability. Along with that, every lesson has a tutorial linked to it which can be accessed anytime to learn how the vulnerability is triggered and how to exploit it. Every lesson tutorial has screenshots in it for better understanding. Adding to the tutorials, videos demonstrating the vulnerabilities are also available for download separately.
Features of OWASP Practice:
- Boot-to-Pwn VM with vulnerable web applications
- Categorized lessons for OWASP vulnerabilities
- Custom-made vulnerable practice lessons
- Lessons covering everything from logic of vulnerability to how to trigger vulnerability
- Tutorials explaining the vulnerability and its solution
- Videos to demonstrate vulnerability in action
- Source code and SQL file available
A few things that might come handy are:
- Mozilla Firefox
- Firefox Addons
- Firebug
- Live HTTP Headers
- Tamper Data
- User-Agent Switcher
- Cookie Manager+
- BurpSuite
Screenshots:
Main Page of OWASP Practice:
OWASP Top 10 Vulnerabilities:
XSS Vulnerability description and lessons:
One of the lessons of XSS vulnerability:
Tutorial of XSS vulnerability:
Fill out the form below to for the OwaspPractice File Download:
Downloads include:
- OwaspPractice Virtual Machine
- OwaspPractice Source Code and SQL file
- OwaspPractice Vulnerability Demo Videos
User Credentials:
Local User Accounts:
Username: root
Password: toor
Username: owasppractice
Password: owasppractice
Phpmyadmin:
Username: root
Password: NO_PASSWORD
Joomla Administrator:
Username: admin
11 courses, 8+ hours of training
Password: admin
Learn how to secure systems with 11 courses from Infosec Skills instructor and #1 best-selling author Ted Harrington.
- Hack your system
- Establish your threat model
- Spend wisely
- And more
In this Series
- OWASP Practice: Learn and Play from Scratch
- DevSecOps: Moving from “shift left” to “born left”
- What’s new in the OWASP Top 10 for 2023?
- DevSecOps: Continuous Integration Continuous Delivery (CI-CD) tools
- Introduction to DevSecOps and its evolution and statistics
- MongoDB (part 3): How to secure data
- MongoDB (part 2): How to manage data using CRUD operations
- MongoDB (part 1): How to design a schemaless, NoSQL database
- Understanding the DevSecOps Pipeline
- API Security: How to take a layered approach to protect your data
- How to find the perfect security partner for your company
- Security gives your company a competitive advantage
- 3 major flaws of the black-box approach to security testing
- Can bug bounty programs replace dedicated security testing?
- The 7 steps of ethical hacking
- Laravel authorization best practices and tips
- Learn how to do application security right in your organization
- How to use authorization in Laravel: Gates, policies, roles and permissions
- Is your company testing security often enough?
- Authentication vs. authorization: Which one should you use, and when?
- Why your company should prioritize security vulnerabilities by severity
- There’s no such thing as “done” with application security
- Understanding hackers: The insider threat
- Understanding hackers: The 5 primary types of external attackers
- Want to improve the security of your application? Think like a hacker
- 5 problems with securing applications
- Why you should build security into your system, rather than bolt it on
- Why a skills shortage is one of the biggest security challenges for companies
- How should your company think about investing in security?
- How to carry out a watering hole attack: Examples and video walkthrough
- How cross-site scripting attacks work: Examples and video walkthrough
- How SQL injection attacks work: Examples and video walkthrough
- Securing the Kubernetes cluster
- How to run a software composition analysis tool
- How to run a SAST (static application security test): tips & tools
- How to run an interactive application security test (IAST): Tips & tools
- How to run a dynamic application security test (DAST): Tips & tools
- Introduction to Kubernetes security
- Key findings from ESG’s Modern Application Development Security report
- Microsoft’s Project OneFuzz Framework with Azure: Overview and concerns
- Software maturity models for AppSec initiatives
- Best free and open source SQL injection tools [updated 2021]
- Pysa 101: Overview of Facebook’s open-source Python code analysis tool
- Improving web application security with purple teams
- Open-source application security flaws: What you should know and how to spot them
- Android app security: Over 12,000 popular Android apps contain undocumented backdoors
- 13 common web app vulnerabilities not included in the OWASP Top 10
- Fuzzing, security testing and tips for a career in AppSec
- 14 best open-source web application vulnerability scanners [updated for 2020]
- 6 ways to address the OWASP top 10 vulnerabilities
- Ways to protect your mobile applications against hacking
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Application security
Application security
Application security
DevSecOps: Continuous Integration Continuous Delivery (CI-CD) tools
Application security