training resources

I have come across numerous useful training resources over the years and will continue to list them here as I uncover more.

I. Free training

Web application

Damn Vulnerable Web App (DVWA) – Purposely vulnerable PHP/MySQL web application: https://www.vulnhub.com/entry/damn-vulnerable-web-application-dvwa-107,43/

LAMP Security project: https://www.vulnhub.com/?q=LAMPSecurity&sort=date-des&type=vm

Damn Vulnerable Node Application (DVNA) – purposely vulnerable Node.js application: https://github.com/quantumfoam/DVNA

Hackazon – simulated online store with an AJAX interface using RESTful APIs: https://github.com/rapid7/hackazon

OWASP Broken Web Applications Project 1.2 – a variety of vulnerable web applications to test: http://sourceforge.net/projects/owaspbwa/files/1.2/

OWASP Appsec Tutorial Series: https://www.owasp.org/index.php/OWASP_Appsec_Tutorial_Series

bWAPP – Buggy PHP app with over 100 issues: http://sourceforge.net/projects/bwapp/ – to self-configure in LAMP or WAMP environment

Pre-installed in Linux VM: https://www.vulnhub.com/entry/bwapp-bee-box-v16,53/

Damn Vulnerable Thick Client (DVTA) – purposely vulnerable thick client application developed in C# .NET: https://github.com/secvulture/dvta

Lessons for DVTA: http://resources.infosecinstitute.com/practical-thick-client-application-penetration-testing-using-damn-vulnerable-thick-client-app-part-1/

OWASP Juice Shop – purposely vulnerable Node.js and Angular application: https://github.com/bkimminich/juice-shop

Mobile

Testing environment setup: http://highaltitudehacks.com/2013/06/16/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/

Damn Vulnerable iOS App (DVIA): https://www.owasp.org/index.php/OWASP_DVIA#tab=Framework

Lessons for DVIA: http://damnvulnerableiosapp.com/#learn

OWASP iGoat Project: https://www.owasp.org/index.php/OWASP_iGoat_Project#tab=Main

OWASP GoatDroid Project: https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project

OWASP WebGoat Project: https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

OWASP Mobile Top Ten: https://www.owasp.org/index.php/Projects/OWASP_Mobile_Security_Project_-_Top_Ten_Mobile_Risks

Damn Vulnerable Android App:

Setup – http://th3-incognito-guy.blogspot.com/2014/10/hands-on-of-android-damn-vulnerable-app.html

Base application – https://github.com/securitycompass/AndroidLabs/tree/Base

Building a basic mobile app: https://developer.android.com/training/basics/firstapp/index.html

Network

Binary/Reverse Engineering

 

II. Paid Training

Web Application

eLearn Security Web Application Penetration Testing: https://www.elearnsecurity.com/course/web_application_penetration_testing/

eLearn Security Web Application Penetration Testing eXtreme: https://www.elearnsecurity.com/course/web_application_penetration_testing_extreme/

eLearn Security Practical Web Defense: https://www.elearnsecurity.com/course/practical_web_defense/

The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws (book): http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470

The Tangled Web: A Guide to Securing Modern Web Applications (book): http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886

OWASP Top 10 Web Application Security Risks for ASP.NET (PluralSight): http://app.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks

Mobile

eLearn Security Mobile Application Security and Penetration Testing: https://www.elearnsecurity.com/course/mobile_application_security_and_penetration_testing/

Android Hacker’s Handbook (book): http://www.amazon.com/Android-Hackers-Handbook-Joshua-Drake/dp/111860864X

Android Security Internals: An In-depth Guide to Android’s Security Architecture (book): http://www.amazon.com/Android-Security-Internals-In-Depth-Architecture/dp/1593275811/

iOS Hacker’s Handbook (book): http://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/dp/1118204123/

Hacking and Securing iOS Applications: Stealing Data, Hijacking Software, and How to Prevent It (book): http://www.amazon.com/Hacking-Securing-iOS-Applications-Hijacking/dp/1449318746/

Network

Binary/Reverse Engineering