[TOP10] Ten penetration test drill system

This paper summarizes the current network of more popular penetration test walkthrough system, these systems provide some actual security loopholes, ranked in no particular order, you can practice how to use the vulnerability of security testers, but also can learn the relevant knowledge of the vulnerability.

DVWA (Dam vulnerable Web application) DVWA is a set of web vulnerability testing programs written in Php+mysql for general Web vulnerability teaching and testing. Contains a number of common security vulnerabilities such as SQL injection, XSS, and blinds.

Link Address: http://www.dvwa.co.uk

Mutillidaemutillidae is a free, open source Web application that provides specifically allowed security testing and intrusion of Web applications. It is made up of Adrian "Irongeek" Crenshaw and Jeremy "Webpwnized" Druin. Developed a free and open source Web application. It includes rich penetration testing projects such as SQL injection, cross-site scripting, clickjacking, local file inclusion, remote code execution, and more.

Link Address: Http://sourceforge.net/projects/mutillidae

Sqlolsqlol is a configurable SQL injection test platform that contains a series of challenge tasks that allow you to test and learn SQL injection statements in a challenge. This program was released by Spider Labs at the Austin Hacker Conference.

Link Address: Https://github.com/SpiderLabs/SQLol

Hackxorhackxor is a online hacking game developed by albino and can be deployed with the full version installed, including common web vulnerability Walkthroughs. Contains common vulnerabilities such as XSS, CSRF, SQL injection, RCE, and so on.

Link Address: Http://sourceforge.net/projects/hackxor

Bodgeitbodgeit is a Java-written vulnerability Web program. He contains issues such as XSS, SQL injection, debug code, CSRF, unsafe object applications, and program logic.

Link Address: Http://code.google.com/p/bodgeit

Exploit kb/exploit.co.il The program contains a variety of vulnerable web applications that can test various SQL injection vulnerabilities. This application is also included in the BT5.

Link Address: Http://exploit.co.il/projects/vuln-web-app

Wackopickowackopicko is a vulnerable Web application published by Adam Doupé to test the Web Application Vulnerability Scanning Tool. It contains command-line injections, SessionID issues, file inclusions, parameter tampering, SQL injection, XSS, flash form reflective XSS, weak password scanning, and more.

Link Address: Https://github.com/adamdoupe/WackoPicko

Webgoatwebgoat is a flawed Java EE Web application maintained by the famous owasp, which is not a bug in the program, but is deliberately designed to teach Web application security courses. This application provides a realistic teaching environment that provides clues to the user completing the course.

Link Address: http://code.google.com/p/webgoat

OWASP hackademicowasp Hackademic is a project developed by OWASP that you can use to test various attack techniques, currently containing 10 problematic Web applications.

Link Address: https://code.google.com/p/owasp-hackademic-challenges

Xsseducationxsseducation is a set of programs developed by AJ00200 that specialize in testing cross-site applications. It contains tests for various scenarios.

Link Address: http://wiki.aj00200.org/wiki/XSSeducation

[TOP10] Ten penetration test drill system