Nowadays, most students and professionals want to learn cyber security. The problem is that they cannot find an appropriate place to practice, where they can test and enhance their security skills. These skills may relate to web application security, network security or another field of cyber security.
If they practice on a live application or machine belonging to an organization or individual, they may get into trouble. Testing an organization's or individual's application or machine without permission is illegal and counts as cyber-crime.
So the question is how security professionals or students can enhance their cyber security skills, and where they can practice. The answer is Vulnerable Virtual Machines.
What are Vulnerable Virtual Machines?
Vulnerable virtual machines are a special type of virtual machine. These machines have thousands of vulnerabilities inside them, so students or professionals can test and enhance their cyber security skills. They provide a safe way to practice in any field of cyber security.
A vulnerable virtual machine looks like a real machine or application and provides all the functionality a real one provides. Establishing a real penetration testing lab is very costly, because we need all the hardware and software. In a virtual lab we need only a simulation of the hardware and software, so the cost of hardware is removed.
Benefits of Vulnerable Virtual Machines
- A penetration testing lab is very cheap to establish.
- A full penetration testing lab can be built within a single computer.
- If a virtual machine crashes during penetration testing, we can recover it easily.
- It looks like a real-world application or machine.
- We can customize the virtual machine as required.
- We can design any real-world scenario using virtual machines.
- Some vulnerable applications are available online, so no installation is needed.
Examples of Virtual Machines
1. Vulnerable Web Application
A vulnerable web application is a real-world web application that has vulnerabilities inside it. Students or security professionals can download these applications to their own systems and perform security testing against them. Some of these web applications are also available on the internet, so we do not need to download them. We can start testing them online directly, without taking permission from the owner.
- Damn Vulnerable Web App (DVWA) - http://www.dvwa.co.uk/
- BodgeIt Store - http://code.google.com/p/bodgeit/
- Foundstone Hacme Bank - http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
- OWASP BWA - http://code.google.com/p/owaspbwa/
2. Vulnerable Machine for Network Penetration Testing
If we want to improve our network security skills, these machines help us. We need to download the vulnerable image and run it using any virtualization software.
- Metasploitable - http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/
- Pentester Lab - https://www.pentesterlab.com/exercises/
3. Virtual Machine Images
If we want to design our own virtual lab, we need images of different operating systems. We can download these images from different sources.
- VirtualBoxes - http://virtualboxes.org/images/
4. Old Applications
If we want to enhance our skills in security testing of software, we need to download some old versions of software applications, because these have some inbuilt vulnerabilities.
- Old Apps - http://www.oldapps.com/
5. Vulnerable Mobile Application
If we want to perform security testing against mobile applications, we need to download some vulnerable mobile applications.
- Damn Vulnerable Android App (DVAA) - https://code.google.com/p/dvaa/
- OWASP iGoat - http://code.google.com/p/owasp-igoat/
These are some vulnerable virtual machines. Any student or security professional can download them and start security testing to improve their skills.
Authored By - Manish Gupta
TCS Cyber Security Practice