WebGoat VS metasploitable3

WebGoat and Juice Shop are two "deliberately insecure" applications containing hundreds of security vulnerabilities for you to find and exploit, including SQL injections. Both projects provide extensive educational material to guide you.

Click Save and then Run. If your codebase doesn’t have an OWASP critical bug, the pipeline should execute successfully. To enforce a fail on this OWASP scan, use a codebase with known vulnerabilities like WebGoat and you’ll see the OWASP scanner in action.

There's also a bunch of intentionally vulnerable Webapps and VMs aimed at demonstrating potential footholds and common exploits leading to owning of the host including but not limited to: bWAPP, Damn Vulnerable Web App, WebGoat, Metasploitable 3, Mutillidae, Juice Shop

Bro, i recommend you to create your own labs using vmware or virtualbox. There are so many VM images out there that was created for educational purposes. For example https://www.vulnhub.com/ has multiple VM images. You can test your skill by downloading and importing to your Virtual platform. Also, take consider to solve all problems in WebGoat and DVWA images.

I highly recommend studying for more than just the cert. Get comfortable with cybersecurity itself. My biggest recommendation would be WebGoat. This also works great alongside studying for the sec+. https://owasp.org/www-project-webgoat/ Completely free and intentionally built to be insecure and help you learn and apply security concepts and use security tools. Also try https://tryhackme.com/ -> Both free.

I'm using latest version which you can find at https://github.com/WebGoat/WebGoat/releases/tag/v2023.4

If you want to learn more check out the following resources: - OWASP top 10 (common security issues and what to do about them): https://owasp.org/www-project-top-ten/ - webgoat (pentest training): https://owasp.org/www-project-webgoat/ - https://safestack.io/ - really good software security training (I had in person training from them before their online resources were available, but haven't tried the online courses myself) - My personal favourite book on crypto is Applied Cryptography by Wiley, but I'm not a cryptographer, just an engineer - If anyone has more beginner-friendly resources then please comment

There's also a bunch of intentionally vulnerable Webapps and VMs aimed at demonstrating potential footholds and common exploits leading to owning of the host including but not limited to: bWAPP, Damn Vulnerable Web App, WebGoat, Metasploitable 3, Mutillidae, Juice Shop

Note: to practice, you don;t have to attack real targets which are very hard for a beginner anyways.Use a vulnerable on purpose vm to train specific skills.

Set this up, have fun: Metasploitable 3

Op, this is good. But if you want to make your existing DC vulnerable, you can just make download the software rapid7 did to make this box https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities

Metasploitable is a virtual machine image that includes lots of vulnerabilities (on purpose) and that can be used to learn how to hack into a machine.

If you want to do offensive security like penetration testing, learn some tools like Burp Suite and Metasploit and point them at a vulnerable Linux distro. While you're doing that, find some local security user groups and start attending so you can find out about openings right away. The job is to run automated and manual tests against specific hosts and write reports about what you find. A technical writing course is a big benefit here.

you know what i mean

Metasploitable https://github.com/rapid7/metasploitable3 and as someone else also mentioned OWASP's vulnerable/broken apps