As the saying goes, the best defense is offense, and this sentence applies to the field of information security as well. Next, we will introduce you to the 15 latest web security sites. Whether you're a developer, security expert, auditor, or penetration tester, you can use these sites to improve your hacking skills. Practice makes perfect, please always keep this in mind!
1. Bwapp-"Portal"
Bwapp, the Buggy Web application, is a free open source web App. The site's developer Malik Messelem (@MME_IT) deliberately left a number of security holes in the site, including more than 100 common security issues in owasp TOP10.
The Bwapp uses the Php+mysql. For some high-end users, Bwapp also provides a custom Linux virtual machine image named Bee-box, which has been preloaded with Bwapp and can be downloaded directly from the user.
2.Damn vulnerable IOS App (Dvia)-"Portal"
Dvia is a mobile app for the iOS platform designed and developed by Information security Engineer @prateekg147. IOS 7 and later can be installed and used with a large number of security vulnerabilities, a platform that is very helpful for mobile app developers because there are many websites that can practice hacking, but there are few mobile apps available to practice.
"Point me" to view the Dvia help documentation.
3.Game of Hacks-"portal"
It's not really a web app that contains vulnerabilities, but it allows us to learn how to discover security vulnerabilities in our applications in another way. This is a very fun game, many security experts and developers are highly praised, so we recommend it to everyone. The goal of the game is to test your application security skills, and every problem in the game will give you a bunch of code, and you need to find the security holes in the code for a limited amount of time.
Interested students can watch the game of Hacks's Twitter (@gameofhacks) at all times to learn more about the updated information.
4.Google Gruyere-"Portal"
There are a number of security breaches in this site, designed for beginners who are just beginning to learn about Web application security, with the following three goals:
-Learn how hackers have identified security vulnerabilities;
-Learn how hackers exploit website vulnerabilities to implement attacks;
-Learn how to prevent hackers from discovering and exploiting security vulnerabilities;
Gruyere contains a variety of security vulnerabilities, ranging from cross-site scripting vulnerabilities (XSS) to cross-site request forgery (CSRF), from information disclosure vulnerabilities to DOS and remote code execution vulnerabilities, to the site "everything". It's important to note that this site not only teaches you how to look for security holes, but also tells you how to fix the vulnerabilities.
Gruyere is written in Python and offers both black-box and white-box testing methods, so students can learn how to penetrate a Web from both inside and outside.
5.hackthis!! -"Portal"
hackthis!! Lets you understand how hackers conduct illegal intrusions and data theft, and teaches you how to protect your website from hackers. hackthis!! offers more than 50 levels of difficulty and an active online communication community, so hackthis!! It's also a great place to learn about hacker technology and learn about security news and technical articles.
6.Hack this Site-"portal"
For anyone, Hackthissite is a great place to practice hacking techniques. The platform provides hacker news, technical articles, hacker forums, and a lot of novice tutorials, and you can learn and practise hacking techniques by completing the various challenges on the site.
7.Hellbound Hackers-"Portal"
Light says no practice false Bashi! Hellboundhackers provides us with a platform for practicing security technology, and we can learn how to discover, exploit, and fix vulnerabilities by completing various tasks on our website. Hellboundhackers also offers a number of novice tutorials that cover security-related knowledge such as cryptographic algorithms, application cracking, social engineering, and device root. With nearly 100,000 registered users in its online community, it is also one of the largest hacking communities available.
8.McAfee hacme Sites-"Portal"
Foundstone is a professional service project of McAfee, which launched a series of websites in 2006 that can help infiltrate testers and security professionals to improve their skills. Every app in the project simulates real-world scenarios, and even security breaches are very similar to what we do in real life.
The project includes the following content:
-HACME Bank
-hacmebank for Android
-hacmebooks
-hacmecasino
-hacmeshipping
-hacmetravel
9.Mutillidae-"Portal"
Designed for Linux and the Windows platform, Mutillidae is also a Web application with a large number of security vulnerabilities. It is important to note that the PHP script in this project contains not only all the vulnerabilities in Owasptop 10, but also many other kinds of vulnerabilities.
10.OverTheWire-"Portal"
Whether you're a developer or a security professional, Overthewire can help you learn and practise a variety of security skills, regardless of your level of skill. It offers a lot of fun hacking games and we suggest beginners should start with "Bandit".
11.Peruggia-"Portal"
Peruggia provides security experts and developers with a secure environment to test Web attack technology, which teaches you how to locate security vulnerabilities and mitigate the risks of security issues.
12.Root Me-"Portal"
Root me enables you to enhance your hacker technology and web security knowledge with more than 200 hacker challenge missions and over 50 virtual environments.
13.try2hack-"Portal"
Try2hack can be considered to be the most long-time online hacker technology website, this site provides a variety of difficult hacker games, and Novice can go to the community for help. In addition, GitHub also has a complete introduction to the game "portal".
14.Vicnum-"Portal"
This is a owasp project, and the goal of Vicnum is to provide knowledge education services on Web application security for different objects through an interesting approach (i.e. games).
15.WebGoat-"Portal"
Webgoat is also a owasp project, an insecure app that allows us to learn how to deal with complex security issues in real-world situations.
You can view the OWASP project page to learn more about Webgoat's content "Portal".
* Reference Source: LISTLY,FB Small alpha_h4ck Compilation, reproduced please specify from freebuf.com
Legally practicing hack technology? These 15 sites may be able to help you