Web Application Security: Getting Started with Virtual Box and the Buggy Web App / OWASP’s BWAPP Project.

Today I’m writing about getting experience in web application security.

If you want to learn application security, you can find most of the tools for free online. You will need to set up a virtual lab environment to learn in, because most of what you're learning is illegal to practise against systems you don't own or have permission to test.
Here is a list of related videos to help you if you're interested in getting started in the world of web application security.

1. Download and install VirtualBox. Go to YouTube and find a couple of videos on how to install and configure VirtualBox. You will need VirtualBox for creating and managing the virtual computers in your test environment. I've included a video on setting up the network configuration for your VirtualBox testing lab so your test computers can all communicate with and hack each other.

Video: Configuring Network Settings for your Virtual Box test environment (NAT, Bridged and Internal Networking)

Video: How to Install Kali Linux in Virtual Box

2. Learn what tools IT security professionals use. In this case, learn about Kali Linux and Burp Suite.

Video: How to install Burp-Suite Free Edition

3. Learn about OWASP and the Buggy Web Application (BWAPP) project and get your free virtual PC images for testing.

You may need this video if you end up running sqlmap on your Windows PC; it needs Python 2.7 installed to work.

Video: How to Install SQLMap on Windows OS

Download the bee-box virtual machine (VM) image file from SourceForge.net.

Video: Web Application PenTest w/ the Buggy Web App Project (BWAPP)

4. Find as many web application security videos and courses as you can and try out their techniques.
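The network choice from step 1 is the part of the lab setup that matters most for safety: bee-box is deliberately vulnerable, so it belongs on a VirtualBox internal network that only the Kali VM can reach, never on a bridged adapter that exposes it to your real LAN. The script below is an added example, not code from the original post or from the bWAPP project. It assumes the VM names "kali-lab" and "bee-box" and the internal network name "labnet" (all placeholders), and uses the real VBoxManage subcommands `modifyvm` and `showvminfo --machinereadable`; the check function also runs offline against a constructed `showvminfo` snippet so you can see what a misconfigured target looks like.

```shell
#!/bin/sh
# Added example (not from the original post or the bWAPP project).
# Assumed placeholders: VM names "kali-lab" and "bee-box", internal net "labnet".

LAB_NET="labnet"

# Emit the VBoxManage --nicN arguments for a lab role.
#   attacker: NIC1 = NAT (for updates), NIC2 = internal lab network
#   target:   NIC1 = internal lab network only; no NAT, no bridged adapter
lab_nic_args() {
    case "$1" in
        attacker) echo "--nic1 nat --nic2 intnet --intnet2 $LAB_NET" ;;
        target)   echo "--nic1 intnet --intnet1 $LAB_NET --nic2 none" ;;
        *)        echo "unknown role: $1" >&2; return 1 ;;
    esac
}

# Inspect `VBoxManage showvminfo <vm> --machinereadable` output (passed in as $1)
# and fail if any adapter is bridged, i.e. the VM is reachable from the physical LAN.
check_not_bridged() {
    if printf '%s\n' "$1" | grep -q '^nic[0-9]*="bridged"'; then
        return 1
    fi
    return 0
}

# Apply the role's NIC settings to a VM, then verify nothing is bridged.
# If VBoxManage is not installed, print the command that would have run.
apply_lab_config() {
    vm="$1"; role="$2"
    args="$(lab_nic_args "$role")" || return 1
    if ! command -v VBoxManage >/dev/null 2>&1; then
        echo "VBoxManage not found; would run: VBoxManage modifyvm \"$vm\" $args" >&2
        return 0
    fi
    # Word splitting of $args into separate arguments is intended here.
    VBoxManage modifyvm "$vm" $args
    check_not_bridged "$(VBoxManage showvminfo "$vm" --machinereadable)"
}

# Constructed sample of showvminfo output for a target someone left bridged,
# so the check can be exercised without VirtualBox present.
SAMPLE_BRIDGED='name="bee-box"
nic1="bridged"
bridgeadapter1="eth0"
nic2="none"'

if check_not_bridged "$SAMPLE_BRIDGED"; then
    echo "bee-box: isolated"
else
    echo "bee-box: WARNING, bridged adapter found; move it to intnet $LAB_NET" >&2
fi

# Typical use once both VMs exist in VirtualBox:
#   apply_lab_config kali-lab attacker
#   apply_lab_config bee-box  target
```

Keeping the target VM on `intnet` only means the attack traffic from Kali stays inside VirtualBox, and the Kali VM's NAT adapter is the single path to the internet for package updates. Run the `check_not_bridged` step again after any change in the VirtualBox GUI, since a single click on "Bridged Adapter" undoes the isolation.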

Author: Rick Cable / AKA Cyber Abyss

A 16-year US Navy veteran with 25+ years of experience in various IT roles in the US Navy, startups and healthcare. Founder of FinditClassifieds.com from 1997 to present and co-founder of the sports card collector software startup LK2 Software, 1999-2002. For the last 7 years, working as a full-stack developer supporting multiple agile teams and products in a large healthcare organization. Part-time cyber researcher, aspiring hacker, lock picker and OSINT enthusiast.