OWASP Broken Web Applications - Getting Started


I watched @NahamSec’s (Ben Sadeghipour) Twitch interview with @Jhaddix (Jason Haddix), both legendary people in the bug bounty scene today, in which Jason Haddix shared a ‘crash course’ he makes his mentees go through to learn about web pentesting: OWASP Broken Web Applications.

The fanboy in me immediately embarked on this training myself. I really want to learn more about how attacking web apps works, and this training is on my to-do list just because Jason Haddix mentioned it. It’s free and anyone can do it.

Setting it up

  1. Download the VM from https://sourceforge.net/projects/owaspbwa/files/1.2/
  2. In VMware > Open a Virtual Machine > Select the .vmx file
  3. If prompted, select ‘I copied it’
  4. Configure network settings to ‘host only’ (these are vulnerable web apps and shouldn’t be exposed to the public unless you’d like to invite hackers in!)
  5. Start the VM and hack away!
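
To double-check step 4 before booting, here is a small script that reads a .vmx file and reports any enabled network adapter that is not host-only. It is an added example, not part of the OWASP BWA project; the sample fragments are constructed, and treating a missing connectionType as bridged is an assumption about VMware's default.

```python
import re
import sys

# Matches VMX lines such as: ethernet0.connectionType = "hostonly"
_ETH = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

def parse_adapters(vmx_text):
    """Return {adapter_index: {lowercased_key: value}} for ethernetN.* lines."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = _ETH.match(line)
        if m:
            adapters.setdefault(int(m.group(1)), {})[m.group(2).lower()] = m.group(3)
    return adapters

def exposed_adapters(vmx_text):
    """List (index, mode) for each enabled adapter that is not host-only."""
    findings = []
    for idx, cfg in sorted(parse_adapters(vmx_text).items()):
        if cfg.get("present", "FALSE").upper() != "TRUE":
            continue  # disabled adapter: no network path to the VM
        # Assumption: no connectionType line means VMware's default (bridged).
        mode = cfg.get("connectiontype", "bridged").lower()
        if mode != "hostonly":  # "custom" is reported too: check its vnet by hand
            findings.append((idx, mode))
    return findings

# Constructed sample fragments, not copied from the real OWASP BWA .vmx file.
SAMPLE_SAFE = '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "hostonly"
'''
SAMPLE_RISKY = '''
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000"
ethernet2.present = "FALSE"
ethernet2.connectionType = "bridged"
'''

if __name__ == "__main__":
    # Pass the path to your .vmx file; without one, the risky sample is checked.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_RISKY
    for idx, mode in exposed_adapters(text):
        print(f"ethernet{idx} is '{mode}', expected 'hostonly'")
```

No output means every enabled adapter in the file is set to host-only.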

I document the walkthrough as I progress here https://github.com/refabr1k/owasp-bwa-solutions