Re: Pentesting lab

[Robert Portvliet <robert.portvliet () gmail com>]

In terms of webapp testing there's GOAT from OWASP, MOTH from Bonsai
Sec, Mutillidae from IronGeek, DVWA (Damn Vulnerable Web App) and the
'HackMe' series from Foundstone.

On the network side there's the De-ICE LiveCD's and DVL (Damn
Vulnerable Linux), also VMWare's marketplace has a bunch of VM images
you can download.





On Thu, Dec 24, 2009 at 9:09 AM, s3c.b3n <securitybender () gmail com> wrote:
> Hi all,
>
> I'm just starting my career a security specialist. I'm interested in
> creating my own penetration testing lab. To test exploits (metasploit
> epically) I need some targets (vulnerable servers). Are there such
> servers (VM images or ISOs) for general services like OWASP for web
> apps? or are there any scripts or applications that can create those
> vulnerabilities.
>
> My main goal is to get familiar with the existing tools.
>
> Thanks
> --
> s3c b3n
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------