By definition, hacking is the practice of altering the features of a system to accomplish a goal that is outside the purpose for which it was created. As a result, the last few decades have seen an increase in demand for ethical hackers (also known as white hat hackers or penetration testers), who protect computer systems from dangerous intrusions. Ethical hacking helps businesses and government-related organizations better protect their systems and information, and is seen as part of an organization’s overall security efforts. Ethical hacking is also a way to check theft and make information less vulnerable to outside malicious hackers.

In order to understand the loopholes and vulnerabilities in a system, developers and security professionals need to know their opponent. But how can you do that without compromising your integrity? There are several legal sites online that allow you to enhance your hacking skills, access challenges, games and other resources, and also understand hacking in order to protect your online assets and improve your code.

In this article, we bring you the top 10 vulnerable sites on which to legally practice your hacking skills. However, please note that this list is by no means comprehensive.
- BodgeIt Store: The BodgeIt Store is a vulnerable web application, currently aimed at people who are new to pen testing, and a great way to get your skills up to speed. This web application is full of OWASP top 10 vulnerabilities such as SQL injection, debug code, cross-site scripting, insecure object references, and cross-site request forgery. It is also suitable for learning manual code and teaches you how to recognize exploitable vulnerabilities. The BodgeIt Store is also very easy to install, as it just requires Java and a servlet engine, e.g. Tomcat. It is also open source, cross-platform, and database independent.
- Try2Hack: This is a very good site that lets you work your way through 13 levels of hacking challenges, disclosing a username and password to access each next level, with the levels getting gradually more difficult. There is no option to skip to the harder levels if you are a more experienced programmer. However, this should give your confidence a good shot in the arm. If you are a beginner, you may seek help from fellow programmers through the IRC channel, or access the GitHub repo if the forum doesn’t provide any help. Whether you want to enhance your hacking skills with a simple game or sign up to one of the more feature-rich websites offering challenges, forums and articles, there are a variety of options available for novices as well as experienced users to legally practice hacking.
- Slavehack: Slavehack is a free, multi-player simulation game where you can play defensively or offensively, collecting the best hardware and software to turn the computers you protect or hack into your “slaves” and climb the high score rankings. While no hacking skills are required for this game as such, it is included in the list because it can help security professionals look at their systems from a hacker’s perspective and defend them accordingly.
- EnigmaGroup: Whether you decide to learn how to hack or to enhance your existing skill set, this challenge-based site is a massive online resource and the perfect place for those who want to know their enemy and defeat their enemy. With more than 200 security-based articles, more than 300 hacking challenges, and almost 50,000 members, EnigmaGroup provides a wide collection of vulnerabilities, starting with the OWASP top 10. If you need further help, there is also a great assortment of forums for general tech discussions and a variety of hacking topics, as well as an IRC chatroom.
- Peruggia: Security pros and developers can learn about and try out common attacks on web applications on this legitimate site. Anyone who wants to learn how to locate and limit security issues found within their code can download this project. Even though it takes the form of an image gallery, it contains numerous controlled vulnerabilities to practice on.
- Hack.me: Hack.me, which has the tagline “the house of the rising sandbox”, is a community-based project where anyone can build, host and share vulnerable web apps. Powered by eLearnSecurity, it is an interesting and free site with the lofty goal of being the most exhaustive collection of ‘runnable’ vulnerable CMSs, code samples and web applications online. There are three basic options for those interested in exploring the site. You can run a vulnerable web app on the fly, upload your own piece of code to share with the community, or take a back seat and explore the trends on the site to find out what other users are hacking. You can also switch your privacy settings to make your apps private from the wider community and remove your code at any time.
- Juice Shop: Juice Shop is a well-designed and purposefully insecure JavaScript web app that helps teach developers and testers to identify certain security issues. The app is suitable for pen testing in Angular, Node and Express and for security awareness training. It’s also enjoyable to play around with, and if you want more information on how the app was made and what it does, there’s even a SlideShare available.
- Hack This Site: HackThisSite.org, commonly referred to as HTS, is an online hacking and security website that gives you hacking news as well as hacking tutorials. It aims to provide developers and security professionals with a way to learn and practice basic and advanced “hacking” skills through a series of challenges, security-related articles, resources and forums in a safe and legal environment. This hacking training ground also allows external submissions, should you want to share knowledge and submit your own lecture or article.
- Hackxor: Hackxor is a web app hacking game in which players must locate and exploit vulnerabilities to progress through the story. You play a professional blackhat hacker looking to hunt down another hacker by hook or by crook. According to the site, the focus is on realism and difficulty. The game features vulnerabilities modelled on those from Mozilla and Google, open-ended play, and an HtmlUnit-based attack simulation where you can send unlucky in-game users malicious messages by exploiting XSS and CSRF. Users can try before they buy with an online demo.
- HackThis!!: HackThis!!, otherwise known as “the Hacker’s Playground”, is another weighty player in the online hacking training space. Similar to Hack This Site, HackThis!! features a community of 250,000+ like-minded souls, plenty of challenges (some 50+ levels), and an assortment of articles covering all aspects of technology and security. If you are a beginner in the world of hacking and want to catch up quickly with the latest hacking practices, the state of the online security industry, and a range of vulnerabilities, this is the place to be.

Source: Techtree