mutillidae
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets. (by webpwnized)
awesome-appsec
A curated list of resources for learning about application security (by paragonie)
Our great sponsors
| mutillidae | awesome-appsec | |
|---|---|---|
| 5 | 6 | |
| 1,171 | 6,086 | |
| - | 2.0% | |
| 7.8 | 0.0 | |
| 3 months ago | 8 months ago | |
| PHP | PHP | |
| GNU General Public License v3.0 only | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
mutillidae
Posts with mentions or reviews of mutillidae.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-11-15.
-
If you're looking for resources pertaining to hands-on practical demonstrations of learned skills and tools/techniques, look no further.
There's also a bunch of intentionally vulnerable Webapps and VMs aimed at demonstrating potential footholds and common exploits leading to owning of the host including but not limited to: bWAPP, Damn Vulnerable Web App, WebGoat, Metasploitable 3, Mutillidae, Juice Shop
- Web App Pentesting Course
-
What is the best linux distro for begginers?
I would recommend getting an Ubuntu server VM and installing Mutillidae (and/or OWASP Juice Shop). First learn how to configure and harden your Ubuntu server. Then add it to an internal network with a few other VMs and examine what happens, how they communicate, etc. Then open up your Kali and have some fun with Mutillidae or Juice Shop.
-
Teaching question: making an unsafe site available to students?
We use OWASPs Mutillidae.
-
Question
The WAHH contains a pretty solid baseline for understanding web vulnerabilities, but the latest version is from 2011 so it's missing a decade of new techniques. It's not a terrible place to start since a lot of the fundamentals haven't changed in a while, but you'll definitely want to look into things like (as mentioned in another comment) the Web Security Academy as a next step. Other fun options are the OWASP Juice Shop and Mutillidae applications.
awesome-appsec
Posts with mentions or reviews of awesome-appsec.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-05-31.
-
Aside from OWASP, are there other relevant certs to get for App Sec?
For resources : https://github.com/paragonie/awesome-appsec
-
Cybersecurity Repositories
AppSec
-
Resources to learn secure coding? App Sec and Web Sec?
Here is a repo of some resources. You are going to need to learn to walk before you run so that at a concrete level you can articulate what secure vs insecure code is and why it matters, then dive into appsec. No disrespect intended but from the way this is written my suggestion would be to focus on computer science foundational concepts as well as spending significant time writing and reading code. This will likely be a several year journey if you are a total beginner but the best time to start is now :)
- Information and learning resources for cryptography newcomers
-
Anyone in AppSec (Application Security)?
Come over to /r/devsecops to get more information about the field. Also, there are lots of good sources, you can get some from my blog, or Awesome AppSec, or Security Prince and other places.
- I'm preparing for the interview and I've curated a list of resources that might be helpful for you also.
What are some alternatives?
When comparing mutillidae and awesome-appsec you can also consider the following projects:
DVWA - Damn Vulnerable Web Application (DVWA)
API-Security-Checklist - Checklist of the most important security countermeasures when designing, testing, and releasing your API
juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
UnSAFE_Bank - Vulnerable Banking Suite
Open-Source-Security-Guide - Open Source Security Guide. Learn all about Security Standards (FIPS, CIS, FedRAMP, FISMA, etc.), Frameworks, Threat Models, Encryption, and Benchmarks.
see awesome-security - A collection of awesome software, libraries, documents, books, resources and cools stuffs about security.
flexio-web-app - Flex.io Web App
labs - This is a collection of tutorials for learning how to use Docker with various tools. Contributions welcome.
WhatWeb - Next generation web scanner
SecureCodingDojo - The Secure Coding Dojo is a platform for delivering secure coding knowledge.
laravel-electron - Making Laravel desktop application using Electron Js
Security_Engineer_Interview_Questions - Every Security Engineer Interview Question From Glassdoor.com
mutillidae vs DVWA
awesome-appsec vs API-Security-Checklist
mutillidae vs juice-shop
awesome-appsec vs UnSAFE_Bank
mutillidae vs Open-Source-Security-Guide
awesome-appsec vs see awesome-security
mutillidae vs flexio-web-app
awesome-appsec vs labs
mutillidae vs WhatWeb
awesome-appsec vs SecureCodingDojo
mutillidae vs laravel-electron
awesome-appsec vs Security_Engineer_Interview_Questions