Web Security Dojo is a turnkey web application security lab with tools,
targets, and training materials built into a Virtual Machine(VM).
It is ideal for both self-instruction and training classes since
everything is pre-configured and no external network connection is
needed. All tools and targets are configured to use non-conflicting
ports and a Firefox proxy switcher is set up to match.
* OWASP WebGoat
* Damn Vulnerable Web App
* Hacme Casino
* OWASP InsecureWebApp
* custom PHP scripts including REST and JSON labs
* Burp Suite (free version)[Thanks to Portswigger for permission to
* OWASP Skavenger
* OWASP Dirbuster
* helpful Firefox add-ons
Video intro: Introducing Web Security Dojo