
Set up Your Penetration Testing Lab for Web Application Security Testing


By: Hari Charan

April 11, 2017


To excel at penetration testing, you need your own lab for practice and research. I suggest using virtual machines, which are free in the market. I would go with VMware Workstation rather than VirtualBox; that's just my personal preference. You can choose either one.

Downloads

1. VMware Workstation: Click here to download VMware Workstation

2. Kali Linux ISO: Click here to download Kali Linux ISO

3. Bee-box: Click here to download bee-box

Why we need Bee-Box

For web application penetration testing we often need a vulnerable application to exploit. We cannot exploit our own operating system; instead we need a dummy server. This is where bee-box comes in handy: it is a custom Linux VMware virtual machine pre-installed with bWAPP. Bee-box gives you several ways to hack and deface the bWAPP website. This helps security enthusiasts discover and prevent the issues. The virtual machine has quite a few features, which you will see once it has been installed.

Installation

  1. First, you need to install VMware on your system. It’s quite easy to install: click through the ‘Next’ buttons with the default options selected.

  2. Now it’s time to install Kali Linux OS on your workstation. Just follow the steps mentioned in the article ‘set up Kali Linux’.

  3. Extract bee-box now. You should see a file ‘bee-box’ (with a .vmx extension). Just double-click on it. You should see VMware setting up your server. Isn’t it simple? By the way, the default user and password are ‘bee’ and ‘bug’. You should now see the desktop.


Okay, now click on the terminal icon and type the ‘ifconfig’ command to get your server address.

Now open your browser on your Windows machine and go to http://<server IP address>/bWAPP/login.php (e.g. http://192.168.0.4/bWAPP/login.php).


That’s it! Your lab with a vulnerable application is now ready to hack.
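The last two steps as an added shell example (not part of the original article): it pulls the first non-loopback IPv4 address out of `ifconfig` output, confirms it is a private RFC 1918 address so the deliberately vulnerable VM is not sitting on a routable network, and builds the bWAPP login URL. The function names and the sample `ifconfig` text are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `ifconfig` output into the bWAPP login URL, but only
# if the lab VM's address is private (RFC 1918).

# Print the first non-loopback IPv4 address found in ifconfig text on stdin.
# Handles the older "inet addr:192.168.0.4" layout and the newer
# "inet 192.168.0.4" layout; "inet6" lines do not match.
first_ipv4() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*/\2/p' |
        grep -v '^127\.' | head -n 1
}

# Succeed only for 10/8, 172.16/12 and 192.168/16 addresses.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read ifconfig text on stdin and print the login URL.
# Returns 1 if no address is found, 2 if the address is not private.
lab_url() {
    ip=$(first_ipv4)
    [ -n "$ip" ] || { echo "no IPv4 address found" >&2; return 1; }
    is_private_ipv4 "$ip" || {
        echo "$ip is not a private address; move the VM to a host-only or NAT network" >&2
        return 2
    }
    printf 'http://%s/bWAPP/login.php\n' "$ip"
}

# Constructed sample of ifconfig output in the older layout.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:0c:29:00:00:01
          inet addr:192.168.0.4  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe00:1/64 Scope:Link
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0'

printf '%s\n' "$SAMPLE_IFCONFIG" | lab_url
```

On the bee-box terminal, define the functions and run `ifconfig | lab_url` to get the URL for your own VM.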
