📋
A Journey From IT to IT Security
  • IT Training Resources
  • IT Security Roles
    • Web Application Security Specialist
      • Training Guide
      • Self-hosted Training Lab
        • Vulnerable Web Apps
      • Web Security testing Methodology
        • 1 Footprinting
        • 2 Scanning
        • 3 Enumeration
        • 4 Gaining Access
        • 5 Maintain Access
        • 6 Covering Tracks
        • 7 Vulnerability assessment
    • DevSecOps Engineer
      • Training Guide
      • Building a DevSecOps CD/CI Pipeline
        • Self-hosted DevOps CD/CI platforms
        • Software Component Analysis (SCA)
        • Static Application Security Testing (SAST)
        • Dynamic Application Security Testing (DAST)
        • System Hardening
        • System Compliance Analysis
        • Vulnerability Analysis
      • Ready-to-use and train DevSecOps CD/CI Pipeline
    • Chief Information Security Officer (CISO)
    • Digital Forensics Investigator
      • Forensics Methodology
    • Cloud Security Engineer
      • Getting started with kubernetes
  • Resources
    • IT Basics
      • Networking Basics Study Guide
      • RBAC / ABAC
      • Anonymous Surfing
      • Python Programming
      • Infrastructure as code
      • Containers
        • Docker
        • Docker security
      • The Security Development Lifecycle (SDL)
    • Literature
    • Useful Tool Tutorials
    • Useful Online Tools
    • Exploits
  • Unsorted
    • Gitlab-ci with docker-compose
Powered by GitBook
On this page
  1. IT Security Roles
  2. Web Application Security Specialist

Self-hosted Training Lab

PreviousTraining GuideNextVulnerable Web Apps

Last updated 3 years ago

I created my home penetration testing lab with existing virtual machines from pentester labs because they are relatively small. You can download the ISO images directly from the web page.

There are more machines available on

Once you run one of these machine, run sudo ifconfig eth0 192.168.x.x in a terminal to set a new ip address. Also think about setting the network of the VM with the vulnerable web app to host-only.

Another option is to install a vulnerable web app on your host machine if you know what you are doing. You don't want to break your host. You can also install the web apps on a clean virtual machine:

https://pentesterlab.com/exercises
https://www.vulnhub.com/
Vulnerable Web Apps