Web Security Dojo

Web Security Dojo is a turnkey web application security lab with tools, targets, and training materials built into a Virtual Machine(VM). It is ideal for both self-instruction and training classes since everything is pre-configured and no external network connection is needed. All tools and targets are configured to use non-conflicting ports and a Firefox proxy switcher is set up to match.

Web Security Dojo v1.0 is now available for free at
http://dojo.mavensecurity.com

Web Security Dojo is an open source project built on Ubuntu and hosted at SourceForge. It is available in three flavors: a Virtualbox VM, VMWare VM, and a build script which can be used on a standard Ubuntu 9.10 install to produce the Dojo.
Collaboration and contributions are welcomed.

Major highlights:

Targets:
* OWASP WebGoat
* Damn Vulnerable Web App
* Hacme Casino
* OWASP InsecureWebApp
* custom PHP scripts including REST and JSON labs

Tools:
* Burp Suite (free version) [Thanks to Portswigger for permission to redistribute]
* w3af cvs version
* OWASP Skavenger
* OWASP Dirbuster
* Paros
* Webscarab
* Ratproxy
* sqlmap
* helpful Firefox add-ons

For a quick start grab the VM from http://dojo.mavensecurity.com and read the included Readme file and/or watch the intro video at http://www.youtube.com/watch?v=lum6bSsyJ38