Cybersecurity Lab

Web Application Security Auditing.

Create your Own CyberSecurity Lab

It should be a goal for anyone interested in pursuing a career in the IT sector. An old server from a couple of years ago should be sufficient and affordable. Check >>>/g/hsg for more information

Here's some products you can deploy to exercise as Blue (Analysis) or Red (Penetration)

OWASP Webgoat

Perfect for Absolute Beginners. It includes step by step explanations.

• https://github.com/WebGoat/WebGoat

Damn Vulnerable Java (EE) Application

Java web applications are the bread and butter of global business aplications. If you are going to work in the security business unit of a corporation or working as a freelancer bug hunter for public programs, you got 80% chance that you are going to be auditing a Java Spring Boot web applicaitons

• https://github.com/appsecco/dvja

JavaSpring Vulny

Made by people from Stackhawk that it is in the midst of an effort to boost Zap Attack Proxy. It is a more advanced web application but also very barebones. Many teams around the world are implementing their own endpoints into it to develop their own proof of concepts.

• https://github.com/kaakaww/javaspringvulny

OWASP Juice Shop

Angular front, nodejs back. is quite a nice application to work with. It has a scoring system and an achievement detection list that helps track when challenges the user has overcome.

• https://github.com/juice-shop/juice-shop

Port Swigger Gin and Juice Store

Similar to the previous OWASP Juice Shop previously mentioned but you cannot deploy as individual, private instance

• https://ginandjuice.shop/

Port Swigger Labs

Almost 256 web labs for the OWASP Top 10 with different difficulty levels

• https://portswigger.net/web-security/all-labs

Language to look up to?

Go, which has a strong focus on network operations.