Coming back to “OWASP Practice”: OWASP released a list of top 10 vulnerabilities. “OWASP Top 10 Web Application Vulnerabilities 2013” is one of the most popular projects by OWASP. The project explains every vulnerability in the simplest terms possible, along with vulnerable demo applications and videos demonstrating the vulnerability in action.

OWASP Practice has been built with the OWASP Top 10 Web Application Vulnerabilities in mind. It is a virtual machine that hosts custom web applications vulnerable to the OWASP Top 10 vulnerabilities. Every vulnerability has one or more practice lessons associated with it, which can be used to exploit and trigger the vulnerability. Every lesson also has a linked tutorial, which can be accessed at any time to learn how the vulnerability is triggered and how to exploit it. Every lesson tutorial includes screenshots for better understanding. In addition to the tutorials, videos demonstrating the vulnerabilities are available for download separately.

Features of OWASP Practice:

- Boot-to-Pwn VM with vulnerable web applications
- Categorized lessons for OWASP vulnerabilities
- Custom-made vulnerable practice lessons
- Lessons covering everything from logic of vulnerability to how to trigger vulnerability
- Tutorials explaining the vulnerability and its solution
- Videos to demonstrate vulnerability in action
- Source code and SQL file available

A few things that might come in handy are:

- Mozilla Firefox
- Firefox Addons:
  - Firebug
  - Live HTTP Headers
  - Tamper Data
  - User-Agent Switcher
  - Cookie Manager+
- BurpSuite

Screenshots:

Main Page of OWASP Practice:

OWASP Top 10 Vulnerabilities:

XSS Vulnerability description and lessons:

One of the lessons of XSS vulnerability:

Tutorial of XSS vulnerability:

Fill out the form below for the OwaspPractice file download:

Downloads include:

- OwaspPractice Virtual Machine
- OwaspPractice Source Code and SQL file
- OwaspPractice Vulnerability Demo Videos

User Credentials:

Local User Accounts:
- Username: root, Password: toor
- Username: owasppractice, Password: owasppractice

Phpmyadmin:
- Username: root, Password: NO_PASSWORD

Joomla Administrator:
- Username: admin, Password: admin