Saturday, June 22, 2013

Lab for web application pen testing : OWASP BWA

Hello Friends, today we start on web application security. To run our experiments in a safe environment we first set up a lab that we can practice in.

OWASP BWA : the Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of intentionally vulnerable web applications distributed as a virtual machine in VMware format, compatible with VMware's free and commercial products (the disk image also runs under VirtualBox, see the setup below).

Requirements :  

About OWASP-BWA :

  OWASP BWA is a collection of vulnerable applications bundled in one VM. It contains the following:

Training Applications

  • OWASP WebGoat
  • OWASP WebGoat.NET
  • OWASP ESAPI Java SwingSet Interactive
  • Mutillidae 
  • Damn Vulnerable Web Application
  • Ghost

Realistic, Intentionally Vulnerable Applications

  • OWASP Vicnum
  • Peruggia
  • Google Gruyere
  • Hackxor
  • WackoPicko
  • BodgeIt

Old (Vulnerable) Versions of Real Applications

  • WordPress
  • OrangeHRM
  • GetBoo
  • GTD-PHP
  • Yazd
  • WebCalendar
  • Gallery2
  • Tiki Wiki
  • Joomla
  • AWStats

Applications for Testing Tools 

  •  OWASP ZAP-WAVE
  •  WAVSEP
  •  WIVET

 

Demonstration Pages/Small Applications

  • OWASP CSRFGuard Test Application
  • Mandiant Struts Forms
  • Simple ASP.NET Forms
  • Simple Form with DOM Cross Site Scripting

OWASP Demonstration Application

  • OWASP AppSensor Demo Application



Lab Setup :


Step 1 : Download & install VirtualBox (or VMware Player / Workstation).
Step 2 : Download the OWASP Broken Web Apps VM archive and extract it into a directory owned by your normal user account, not a system or administrator-owned location. The VM is deliberately vulnerable, so keep it (and the hypervisor running it) under an unprivileged user.
Step 3 : Among the extracted files you will find "OWASP Broken Web Apps.vmx" (the VMware configuration) and a .vmdk disk image. In VMware simply open the .vmx. In VirtualBox the .vmx is not used: create a new Linux VM and attach the existing .vmdk as its hard disk.
Step 4 : Before the first boot, set the VM's network adapter to "Host-only" or "NAT". Never use "Bridged": that puts a machine full of known remote exploits directly on your LAN. Host-only is the simplest choice, because the host gets a direct route to the VM (VirtualBox uses 192.168.56.0/24 by default); with NAT you would have to add port forwarding to reach the VM from the host.
Step 5 : Start the VM and wait while it boots and brings up all of its applications. It then shows a login prompt.
Step 6 : The default login details are
Username : root
Password  : owaspbwa


Step 7 : Note the IP address the VM prints at the console (or run ifconfig after logging in). That is the address all the applications are served from.
Step 8 : Leave the VM running, switch to a browser on the host (which sits on the same host-only network) and open the VM's address, in this lab http://192.168.56.102 (yours may differ).

Step 9 : The lab setup is complete. Enjoy pen-testing in your home network, and keep the VM off any shared or internet-facing network.
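The one mistake that actually matters in the steps above is leaving the adapter bridged. The script below is an added example (not from the original post or from the OWASP BWA project) that checks the VM's VirtualBox configuration for that before you boot it. It reads the output of `VBoxManage showvminfo "<vm name>" --machinereadable` on stdin and fails if any enabled adapter is bridged; the VM name "OWASP BWA" in the usage comment is an assumption, yours may differ.

```shell
#!/bin/sh
# Added example, not part of the original post or of OWASP BWA.
# Verifies that no enabled VirtualBox network adapter of a VM is "bridged".
#
# Input on stdin: the output of
#   VBoxManage showvminfo "<vm name>" --machinereadable
# which contains one line per adapter of the form  nicN="hostonly" / "nat" /
# "bridged" / "intnet" / "none".
#
# Exit status: 0 = every enabled adapter is isolated (hostonly, nat or intnet)
#              1 = at least one adapter is bridged (or of an unrecognised type)
#              2 = no adapter lines found at all (wrong input?)
check_nic_isolation() {
    bad=0
    found=0
    while IFS= read -r line; do
        # Only nicN="..." lines describe adapter types (nictypeN/nicspeedN do not match).
        case "$line" in
            nic[0-9]*=*) ;;
            *) continue ;;
        esac
        # Strip 'nicN=' and the surrounding double quotes to get the adapter type.
        value=${line#*=}
        value=${value#\"}
        value=${value%\"}
        [ "$value" = "none" ] && continue    # disabled adapter, irrelevant
        found=1
        case "$value" in
            hostonly|nat|intnet) ;;
            *) echo "WARNING: ${line%%=*} is '$value': the lab VM would be reachable from outside the host" >&2
               bad=1 ;;
        esac
    done
    [ "$found" -eq 1 ] || return 2
    return "$bad"
}

# Usage (VM name is an assumption; use whatever you named the VM):
#   VBoxManage showvminfo "OWASP BWA" --machinereadable | check_nic_isolation \
#       && VBoxManage startvm "OWASP BWA"
```

Run it from the same shell you start the VM from; the `&&` means the VM only boots when the check passes.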