Before looking for vulnerabilities in web applications, a hacker needs a good understanding of how web applications work, along with solid working knowledge of Linux operating systems.
To practise web application penetration testing, here are some deliberately vulnerable websites and applications where you can pentest legally instead of doing it on live websites you have no permission to test.
1.bWAPP:
bWAPP ("buggy web application"), created by Malik Mesellem, is an open-source web application intended to help students, developers and anyone interested in IT security to discover and prevent web vulnerabilities.
The application has more than 70 vulnerabilities, for example SQL injection, Cross-Site Scripting (XSS) and Denial of Service (DoS).
bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux, Windows and Mac with Apache/IIS and MySQL, and it can also be installed with LAMP, WAMP or XAMPP.
2.DVWA:
Damn Vulnerable Web Application (DVWA) is written in PHP/MySQL. Its main goals are to help security professionals test their skills and tools in a legal environment, and to help web developers better understand the process of securing web applications in a classroom environment.
There are four difficulty levels in DVWA, and the same vulnerable module is implemented differently at each level, from trivially exploitable to properly fixed:
1.Low 2.Medium 3.High 4.Impossible
Modules include: Brute Force, Command Injection, CSRF, File Upload, Insecure CAPTCHA, SQL Injection, Weak Session IDs, XSS.
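To show what the difficulty levels mean in practice, here is an added example (not DVWA's own code) that reimplements the SQL Injection module's user lookup twice: the way DVWA's Low level behaves (user input concatenated straight into the query) and the way its Impossible level behaves (input validated as numeric and bound as a query parameter). Python with an in-memory sqlite3 database stands in for DVWA's PHP/MySQL, and the users table is constructed sample data; the function and table names are this example's own.

```python
"""Low vs Impossible handling of DVWA-style "user lookup" SQL.

Added example, not code from DVWA. Uses sqlite3 instead of MySQL and a
constructed users table; the classic payload 1' OR '1'='1 is used to show
the difference between the two implementations.
"""
import sqlite3

# Classic DVWA SQL injection payload: closes the quoted value and adds an
# always-true condition so every row matches.
SQLI_PAYLOAD = "1' OR '1'='1"


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with a constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, "
        "first_name TEXT, last_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Hack", "Me")],
    )
    conn.commit()
    return conn


def lookup_low(conn: sqlite3.Connection, user_id: str) -> list:
    """Low level: the request parameter is dropped into the SQL string.

    Whatever the user sends becomes part of the query text, so a quote in
    the input changes the query's structure rather than just its data.
    """
    query = (
        "SELECT first_name, last_name FROM users "
        f"WHERE user_id = '{user_id}'"
    )
    return conn.execute(query).fetchall()


def lookup_impossible(conn: sqlite3.Connection, user_id: str) -> list:
    """Impossible level: validate the input, then bind it as a parameter.

    The value never becomes part of the SQL text, so quotes and keywords in
    it are treated as data. Rejecting non-numeric ids up front also gives a
    clean error instead of a silently empty result.
    """
    if not user_id.isdigit():
        raise ValueError("user_id must be a positive integer")
    return conn.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?",
        (int(user_id),),
    ).fetchall()


def compare_levels(conn: sqlite3.Connection, user_id: str) -> dict:
    """Run the same input through both levels and report what each returned.

    Returns {"low": rows, "impossible": rows or the error message}.
    """
    result = {"low": lookup_low(conn, user_id)}
    try:
        result["impossible"] = lookup_impossible(conn, user_id)
    except ValueError as exc:
        result["impossible"] = str(exc)
    return result


if __name__ == "__main__":
    db = build_db()
    for candidate in ("2", SQLI_PAYLOAD):
        print(repr(candidate), "->", compare_levels(db, candidate))
```

With a normal id both versions return the single matching row; with the payload the Low version returns every user, while the Impossible version refuses the input before it reaches the database. DVWA's real Impossible level additionally requires an anti-CSRF token with the request, which this example does not reproduce.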
3.Hack This Site:
Hack This Site, commonly referred to as HTS, was founded by Jeremy Hammond and is an online hacking and security website. It aims to give users a way to learn and practise basic and advanced "hacking" skills through a series of challenges in a safe and legal environment.
Hack This Site also has an IRC network that serves as a social gathering place for like-minded people to discuss anything.
The challenges on Hack This Site are:
- Basic and Realistic Challenges
- Programming Missions
- Application Missions
- Steganography Missions
- Forensic Missions
4.Gruyere:
Gruyere is written in Python and is a great option for beginners learning web application penetration testing.
Gruyere divides its vulnerabilities into sections, and in each section you are given a task to find the vulnerability.
Some of the vulnerabilities are:
- Cross-site scripting
- Cross-site request forgery
- Remote code execution
- Information disclosure
- DoS attack
5.Mutillidae:
Mutillidae is a free, open-source web application written in PHP. It runs on both Windows and Linux operating systems and has more than 40 vulnerabilities, including the OWASP Top 10.
6.Defend The Web:
Defend The Web, formerly known as HackThis!!, has 60+ hacking levels and articles that cover all areas of security, including those specifically exercised in the levels. It has a community of hackers, developers and security experts who share their knowledge there.
7.Over The Wire:
OverTheWire offers wargames and a warzone for different skill levels, and has an IRC network where players discuss security issues.
The warzone is an isolated network simulating the entire IPv4 Internet, on which every connected device is a target to be hacked. The warzone allows players to connect their own hackable servers or devices running any software they like, as long as it speaks IP.
8.WebGoat:
WebGoat is a deliberately insecure web application created by OWASP as a guide to secure programming practices. Once downloaded, the application comes with a tutorial and a set of lessons that show students how to exploit vulnerabilities in order to teach them how to write code securely.
9.Try2Hack:
Try2Hack provides several security-oriented challenges and is one of the oldest challenge sites still around.
They also have an IRC channel for communication.
10.Root Me:
Root Me has 371 challenges and 134 virtual environments.