Category Archives: penetration testing

Set-up WebGoat on linux

WebGoat is a java web application made up to test your web penetration testing skills. It is deliberately insecure and is developed and maintained by the Open Web Application Security Project (OWASP), who builds and releases a lot of interesting material in order to learn web penetration testing. Beside being a platform to test your web application hacking skills, it also gives you basic hints about the challenges you have to face in the real life. To access Webgoat, you will need to install it on you machine, or on a dedicated server. Continue reading

Get your own WordPress server for penetration testing

Getting WordPress in a virtual machine
Here, I will talk about how to quickly get WordPress running in a virtual machine. I will use VirtualBox. Note that this is valid for other CMS. You can download a virtual machine with WordPress fully integrated here, on the bitnami website, that provides a lot of material and solutions to make your life easier. After downloading it, check the checksum value of the file you just dowloaded, and compare it to that given on the website. You can then open the file with VirtualBox. Follow the instruction and import the new appliance. And that’s it, you have your web server with Worpress on it ready. Continue reading