Network Security

Vulnerable Web Application for Hacking

6 Jun , 2013  

Are you a newbie in hacking world? Want to practice your hacking skills? The biggest problem I’ve faced every time I want to learn about hacking other than it’s not easy to learn the tools is I have a difficult time trying to find a victim for my practice sessions. Surely I can’t try to hack any sites I found on google since it will be against the law. Should I try to make a custom web application for this? Nah, it’s too time consuming and I’m not sure everything will work. Luckily, somehow I found myself in a web page which contain a link to a web application based on PHP and MySQL called mutillidae.

So, what does this mutillidae do? It basically is just a normal web application written in PHP and use MySQL server as its database. The best thing about it is, it has been customized to include a lot of security vulnerabilities for you to practice your hacking skills. Some example of its vulnerabilities are SQL injection, Cross Site Scripting, Remote File Inclusion, and many more. So I guess us newbies should really thank this irongeek guy for taking his time to create mutillidae. I even used it for my undergraduate theses project by combining it with HIHAT to create a honeypot website. You just need a machine with web server and MySQL server running to deploy mutillidae.

I’ve also managed to find some more vulnerable web application for hacking practice. They are:

  • OWASP Hackademic Challenges Project
    OWASP Hackademic is the easiest to use for newbies in my opinion. Mostly because it is very famous so you can find many tutorials in google. It also divides itself in some levels of problems from 1 trough 10.
  • Exploit KB
    Exploit KB is focused on SQL injection vulnerabilites. It is very easy to deploy and use. The interesting part is it includes some video for tutorial
  • SQLol
  • Damn Vulnerable Web App

Satrio G. Nugraha

Satrio is a self-proclaimed technology geek. He is currently employed by IBM Indonesia as an IT Specialist which handles IBM xSeries servers, IBM zSeries mainframes and multi vendor network devices. He listens to various kinds of musics (he personally believes that music should not be put into boxes such as genres and everybody is free to listen to whatever kind of music whenever they feel like it).

Latest posts by Satrio G. Nugraha (see all)

, , , , , , , , , ,


Leave a Reply

Your email address will not be published. Required fields are marked *