Tuesday 16 April 2013

How to Create a Penetration Testing Lab Using OWASP


This is my second post on building a penetration testing lab for practicing and learning advanced hacking tricks and vulnerability assessment. One request to all readers: before creating this pen-testing lab, first learn how to create a pen-testing lab with DVWA from my previous pen-testing lab post.


What is OWASP?
The Open Web Application Security Project (OWASP) is an open-source application security project. The OWASP community includes corporations, educational organizations, and individuals from around the world.


# What is the OWASP Penetration Testing Lab?

The OWASP penetration testing lab is also called Top 10 Vulnerability Assessment and Practice. Basically, it is created for pen-testers to learn about vulnerabilities and advanced web application vulnerability components.


Features of OWASP Top 10 Vulnerabilities

You can learn and practice the following things:

1. Injection attacks :
  • SQL Injection
  • Blind SQL Injection
  • HTML Injection
  • Frame Source Injection
  • Command Injection
  • JavaScript Injection
  • HTTP Parameter Pollution
  • Cascading Style Injection
  • Cookie Injection
  • Buffer Overflow
  • XML External Entity Injection
2. XSS Flaw and Vulnerability :
  • Reflected XSS
  • Stored XSS
  • DOM based XSS
  • XSS via HTTP headers
  • XSS via Cookie Injection
  • XSS via "INPUT" Get/Post
  • XSS against JSON
  • XSS via XML Injection
3. Broken Authentication and Session Management :
  • Cookie
  • Login
4. Insecure Direct Object references :
  • Cookie
  • Text File
  • Source Editor
  • Credits
  • Arbitrary File Inclusion
5. Cross Site Request Forgery [CSRF]
6. Security Misconfiguration :
  • Direct Browsing
  • Method Tampering "INPUT" Get/Post
7. Insecure Cryptographic Storage :
  • HTML 5 Storage
  • User Info
8. Failure to Restrict URL Access :
  • Source viewer 
  • Robots.txt viewer
  • Arbitrary File Inclusion
  • "Secret" Administrative Pages
9. Insufficient Transport Layer Protection :
  • SSL Misconfiguration
10. Unvalidated Redirects and Forwards :
  • Setup reset DB
11. Other vulnerabilities and attacks :
  • Malicious file Execution 
  • Information leakage and Improper Error handling
  • XML Entity Injection
  • Local file Inclusion
  • Remote File Inclusion
  • DDOS (Denial of Service)
  • Data Capture etc.

This pen-testing lab is also called NOWASP (Mutillidae).



How to Create the OWASP Penetration Testing Lab on Your System

  • It is strongly recommended that you read this article before creating the pen-test lab on your system.

  • Watch the video at the bottom on creating the pentest lab, or follow the steps below.

  • If you have read my previous pentest lab tutorial, go to the next step; otherwise, learn it first.

  • Download and install the XAMPP server on your system with MySQL and Apache server support (the installer will ask about these in its options).

  • After installing, download the OWASP pen-test lab files (if the link is not working, click here to download) and extract them.

  • After that, go to C:\xampp\htdocs and delete all files from that folder so that it is empty :]

  • Now copy the "mutillidae" folder from the files you extracted and paste it into C:\xampp\htdocs.

  • Now just open your browser, type 127.0.0.1 and hit Enter :]
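
Because the lab is meant to be opened at 127.0.0.1, it is worth confirming that Apache only listens there, so the deliberately vulnerable application is not served to the rest of your network. The script below is an added example, not part of the original post or of XAMPP: it parses the Listen directives of an Apache config and reports every one that is not bound to a loopback address. The sample config is constructed, and C:\xampp\apache\conf\httpd.conf as the file to check is an assumption about a default install.

```python
import ipaddress
import re

# Matches an active (uncommented) Apache "Listen [address:]port [protocol]" line.
LISTEN_RE = re.compile(r"^\s*Listen\s+(\S+)", re.IGNORECASE)


def split_listen(value):
    """Split a Listen argument into (host, port); host is None when omitted."""
    if value.startswith("["):                 # bracketed IPv6: [::1]:80
        host, _, port = value[1:].partition("]:")
        return host, port
    if ":" in value:                          # IPv4 with port: 127.0.0.1:80
        host, port = value.rsplit(":", 1)
        return host, port
    return None, value                        # port only: every interface


def exposed_listeners(conf_text):
    """Return the Listen values that accept connections from other machines."""
    exposed = []
    for line in conf_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue                          # comments and other directives
        host, _port = split_listen(match.group(1))
        try:
            loopback = host is not None and ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = False                  # unparseable address: treat as exposed
        if not loopback:
            exposed.append(match.group(1))
    return exposed


# Constructed sample, not copied from a real XAMPP install.
SAMPLE_CONF = """\
# Listen 12.34.56.78:80
Listen 80
Listen 127.0.0.1:8080
Listen [::1]:8081
Listen 0.0.0.0:443 https
ServerName localhost:80
"""

if __name__ == "__main__":
    for value in exposed_listeners(SAMPLE_CONF):
        print("reachable from the network:", value)
```

To check a real install, pass the contents of your own httpd.conf to exposed_listeners(); an empty result means every listener is loopback-only.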

Watch the video below for the complete installation of XAMPP and the OWASP or DVWA pentest lab.






