OWASP Broken Web Applications - Getting Started
After watching @NahamSec (Ben Sadeghipour) twitch interview with @Jhaddix (Jason Haddix), both legendary people in the bugbounty scene today, where Jason Haddix shared about some ‘crash course’ he make his mentees go through to learn about web pentesting: OWASP Broken Web Application.
The fanboy in me immediately embarked on this training myself. I really want to learn more about how attacking webapp works, this training is one of the todo list just because Jason Haddix mentioned it. Its free and anyone can do it.
Setting it up
- Download from VM https://sourceforge.net/projects/owaspbwa/files/1.2/
- Using VMWare > Open a Virtual Machine > Select .vmx file
- If prompted select ‘I copied it’
- Configure network settings to ‘host only’ (its vulnerable webapps and shouldn’t be exposed to public unless you like to invite hackers in!)
- Start the VM and hack away!
I document the walkthrough as I progress here https://github.com/refabr1k/owasp-bwa-solutions