Introduction to the OWASP Mutillidae II Web Pen-Test Training Environment

by Jeremy Druin Sept. 1, 2017 via SANS Institute

Web application penetration testing is composed of numerous skills which require “hands on” practice to learn. To prepare for certification exams, master concepts learned in training, and practice pen testing, a deliberately vulnerable web application is needed. While several excellent applications exist, very few provide many types of web application vulnerabilities in a single platform. In particular, having both traditional vulnerabilities plus vulnerable web services in the same platform is rare (Eston, Abraham, & Johnson, 2011). Additionally, features such as automated recovery, built-in hints, and varying levels of difficulty are not found within the same target framework.