Damn Vulnerable Web Application
TryHackMe
Hack The Box
VulnHub
PentesterLab
LetsDefend
Hackbox
PwnTillDawn Online Battlefield
Burp Suite
Nessus
Qualys
OpenVAS
Sqreen
Netsparker
AlienVault USM (from AT&T Cybersecurity)
Acunetix Vulnerability Scanner
Damn Vulnerable Web Application Burp SuiteDamn Vulnerable Web Application might be a bit more popular than Burp Suite. We know about 13 links to it since March 2021 and only 12 links to Burp Suite. We are tracking product recommendations and mentions on various public social media platforms and blogs. They can help you identify which product is more popular and what people think of it.
I would start with something like DVWA: https://dvwa.co.uk/. Source: about 2 years ago
When you've got that, do some web-based challenges. The Damn Vulnerable Web Application is a great start as it has a little bit of everything. Start with Cross-Site Scripting, for example. Google it. Look at write-ups. Look at the solution for your current challenge, but it is important that you figure out why it works. As you go along with DVWA you will come across PHP and SQL. So google those and learn and... Source: about 2 years ago
Yes, the top 10 is a good place to start and pick a category from. For practice and demonstration you can use https://owasp.org/www-project-juice-shop/ or https://dvwa.co.uk/. Source: over 2 years ago
Https://dvwa.co.uk/ Several difficulty levels on each topic. Source: over 2 years ago
It's not a distro, but you might still find DVWA (Damn Vulnerable Web Application) interesting. It's a PHP/MySQL-based web app, with the same goal as the distro you mentioned. Source: over 2 years ago
Check https://portswigger.net, they have learning material and labs about this topic. Source: over 1 year ago
I ask about serving websites because understanding how a web server works (very basically) with a browser or any client is a huge step in understanding HTTP, host headers, and even host header attacks (if you're into that sort of thing.. As an aside I did a quick google search and https://portswigger.net/ showed up.. Apparently they have interactive labs and very informative documentation on various attack... Source: over 1 year ago
As you are quite new to the hobby, I would definitely recommend you go to portswigger.net academy. They give you a quite thorough understanding in all the fundamentals and they have labs set up where you can practice everything you learn at each step. The best part is you can learn at your own pace and it's all free. Source: over 1 year ago
Connect your PC (with Burp Suite installed) and Android to the same network. > Note — Here my PC’s IP is 192.168.43.20 and Android’s IP is 192.168.43.180. - Source: dev.to / almost 2 years ago
Web App Security Academy is free through Portswigger. Which is great coverage to learn End-to-End how to find vulnerabilities in a web application yourself. After you get thru that, there's DVWA and Juice Shop... And you can even find these as rooms on TryHackMe if you don't want to self-host it. However, the Web App Security Academy is basically the live-learning environment for the Web App Hackers Handbook...... Source: almost 2 years ago
TryHackMe - TryHackMe is an online platform for learning and teaching cyber security, all through your browser.
Nessus - Nessus Professional is a security platform designed for businesses who want to protect the security of themselves, their clients, and their customers.
Hack The Box - An online platform to test and advance your skills in penetration testing and cyber security.
Qualys - Qualys helps your business automate the full spectrum of auditing, compliance and protection of your IT systems and web applications.
VulnHub - VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer applications and network administration tasks.
OpenVAS - The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools...