XSS Game :: Learn Cross-Site Scripting, Bug-Test Google Apps, Step 3: Profit

This entry is part 5 of 5 in the series [ Sites Where You Can Hack ]

Here’s another Google Appspot pen-testing practice site, this one focused on XSS (Cross-Site Scripting). Oh, it’s so fun to have sites where you can rampage like Hannibal’s elephants without getting condemned to death by gladiator! “In this training program, you will learn to find and exploit XSS bugs. You’ll use this knowledge to confuse and …

Gruyere :: A Cheesy Web App For Your Hacking Delectation

This entry is part 4 of 5 in the series [ Sites Where You Can Hack ]

I’ll let them say it: “This codelab is built around Gruyere /ɡruːˈjɛər/ – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. ‘Unfortunately,’ Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. …

OWASP Juice Shop :: Get Your Web Hacking Jollies Here [ Hacker Night School ]

This entry is part 3 of 5 in the series [ Sites Where You Can Hack ]

OWASP Juice Shop: Hmm, let’s see what we can hack here. This isn’t for beginners, but this realistic e-commerce site lets you root around and find things to break without the local gendarmerie knocking at your door. It’s pretty, it’s well-designed and well-coded, and it keys to the OWASP Top 10 Web Vulnerabilities (which you’d …

[ Hacker Night School ] :: WebGoat, An OWASP Hacking Practice Website

This entry is part 25 of 32 in the series [ Hacker Night School ]

OWASP supports two hackable-website packages, WebGoat and Mutillidae. “WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.” – https://github.com/WebGoat/WebGoat …

[ Hacker Night School ] :: Hacking Practice: the Command Injection ISO

This entry is part 11 of 32 in the series [ Hacker Night School ]

I love sites like HackThisSite.org and root-me.org, where you can practice your hacking skills legally and safely. There are also some cool pre-vulnerable-ized web applications/sites that you can download, unzip and use on your hacking lab, like DVWA and Mutillidae. Then there are the dedicated virtual machines like Metasploitable, that give you a whole OS …

[ Hacker Night School ] :: Get your hack on crackin this site: root-me.org

Glenn Norman
This entry is part 2 of 5 in the series [ Sites Where You Can Hack ]

Where HackThisSite.org is about … hacking that site, root-me.org is a whole platform. That means you can work your way through entire categories of Challenges: apps, crypto, forensics, stego, web clients and servers, and so forth. This is a blast. Don’t take my word for it. Go see. There’s an active and helpful community with …

[ Hacker Night School ] :: Sites To Practice Hacking: HackThisSite.org

Glenn Norman
This entry is part 1 of 5 in the series [ Sites Where You Can Hack ]

HackThisSite is the perfect place to start this list of online hacking platforms. It’s been around a long time, and has a really active community. Of course, the specific flavor of hacking you’ll pursue here is web application testing. The domain name doesn’t lie: you’re welcome to try most kinds of mapping, testing and cracking …