Purposeful Learning With Deliberately Insecure Applications
Most people learn better with hands-on purposeful learning. But learning Hacking and Web Security becomes challenging to do without breaking laws. Several applications have been created that are intentionally insecure. Virtualization and Containers have accelerated this. It has become easier to create, break and destroy applications – learning along the way.
Dozens are available Here are some examples from OWASP®*:
- crAPI simulates a platform for vehicle owners where they can register and manage their vehicles. It is an intentionally vulnerable application. It is filled with API vulnerabilities for teaching, learning, and practicing API security.
- IoTGoat is a deliberately insecure firmware based on OpenWrt. If you aren’t familiar, OpenWrt is a Linux operating system targeting embedded devices. This is another platform maintained by OWASP®. A great way to educate software developers and security professionals with testing commonly found vulnerabilities in IoT devices.
- WebGoat allows interested developers to test vulnerabilities common to Java-based applications that use common/popular open source components. There also is WebGoatPHP for the PHP space. Several others exist for other platforms or languages.
Perspective is a key concept here. For example, with crAPI it isn’t “to figure out how the APIs work.” Come at it as “how can I use these for very bad things™?” Those very bad things™ extend beyond directly stealing money or information. This stolen information can later be used for Social Engineering in creative ways. With that Social Engineering even more damage can be done.
Want to learn a bit more about Information Security? Check these applications out!
- OWASP® = Open Web Application Security Project