15 Vulnerable Sites To (Legally) Practice Your Hacking Skills

https://www.checkmarx.com/2015/04/16/15-vulnerable-sites-to-lega...

Apr 16, 2015 By Sarah Vonnegut (/author/sarahv)


They say the best defense is a good offense, and it's no different in the InfoSec world. Use
these 15 deliberately vulnerable sites to practice your hacking skills so you can be the best
defender you can, whether you're a developer, security manager, auditor or pen-tester. Always
remember: Practice makes perfect! What other sites have you used to practice on? Let us know
below!

15 Vulnerable Sites To (Legally) Practice Your Hacking Skills (//list.ly/list/euz-15-vulnerablesites-to-legally-practice-your-hacking-skills)

15 Vulnerable Sites To (Legally) Practice Your Hacking Skills - 2016 Update
Listly by Checkmarx (//list.ly/Checkmarx)
They say the best defense is a good offense - and it's no different in the InfoSec world. Here's our
updated list of 15 sites to practice your hacking skills so you can be the best defender you can -
whether you're a developer, security manager, auditor or pen-tester. And remember - practice
makes perfect! Are there any other sites you'd like to add to this list? Let us know below!

1 bWAPP (http://www.itsecgames.com/)
bWAPP, which stands for Buggy Web Application, is "a free and open
source deliberately insecure web application" created by Malik Messelem,
@MME_IT (https://twitter.com/MME_IT). Vulnerabilities to keep an eye
out for include over 100 common issues derived from the OWASP Top 10
(https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2013).
bWAPP is built in PHP and uses MySQL. Download the project here
(http://www.itsecgames.com/). For more advanced users, bWAPP also offers what Malik calls a
bee-box, a custom Linux VM that comes pre-installed with bWAPP.

2 Damn Vulnerable iOS App (DVIA) (http://damnvulnerableiosapp.com/)
Recently re-released as a free download by InfoSec Engineer
@prateekg147 (https://twitter.com/prateekg147), DVIA was built as an
especially insecure mobile app for iOS 7 and above. For mobile app
developers the platform is especially helpful, because while there are
numerous sites to practice hacking web applications, mobile apps that
can be legally hacked are much harder to come by!
Get going with DVIA by watching this YouTube video and reading the 'Getting
Started (http://damnvulnerableiosapp.com/2013/12/get-started/)' guide.

3 Game of Hacks (http://www.gameofhacks.com/)
Alright, this one isn't exactly a vulnerable web app - but it's another
engaging way of learning to spot application security vulnerabilities, so
we thought we'd throw it in. Call it shameless self-promotion, but we've
received amazing feedback from security pros and developers alike, so
we're happy to share it with you, too! The game is designed to test your
AppSec skills and each question offers a chunk of code which may or may not have a security
vulnerability - it's up to you to figure it out before the clock runs out. A leaderboard
makes Game of Hacks just that much more enticing.
Follow Game of Hacks on Twitter (https://twitter.com/gameofhacks) for updates and play the
game here (http://www.gameofhacks.com/).

4 Google Gruyere (http://google-gruyere.appspot.com/)
This 'cheesy' vulnerable site is full of holes and aimed at those just
starting to learn application security. The goals of the labs are threefold:
Learn how hackers find security vulnerabilities
Learn how hackers exploit web applications
Learn how to stop hackers from finding and exploiting vulnerabilities
"'Unfortunately,' Gruyere has multiple security bugs ranging from cross-site scripting and
cross-site request forgery, to information disclosure, denial of service, and remote code execution,"
the website states. "The goal of this code lab is to guide you through discovering some of these
bugs and learning ways to fix them both in Gruyere and in general."
Written in Python, Gruyere offers opportunities for both black box and white box testing so
"hackers" have the chance to play on both sides of the fence.
Get started here:
http://google-gruyere.appspot.com/
(http://google-gruyere.appspot.com/)

5 HackThis!! (https://www.hackthis.co.uk/)
HackThis!! (https://www.hackthis.co.uk/) was designed to teach how
hacks, dumps, and defacement are done, and how you can secure your
website against hackers. HackThis!! offers over 50 levels with various
difficulty levels, in addition to a lively and active online community
making this a great source of hacking and security news and articles.
Get started with HackThis!! here (https://www.hackthis.co.uk/).
