Introduction to the OWASP Mutillidae II Web Pen-Test Training Environment

Web application penetration testing is composed of numerous skills which require 'hands on' practice to learn. To prepare for certification exams, master concepts learned in training, and practice pen testing, a deliberately vulnerable web application is needed. While several excellent applications exist, very few provide many types of web application vulnerabilities in a single platform. In particular, having both traditional vulnerabilities plus vulnerable web services in the same platform is rare (Eston, Abraham, and Johnson, 2011). Additionally, features such as automated recovery, built-in hints, and varying levels of difficulty are not found within the same target framework.The OWASP Mutillidae II Web Pen-Test Training Environment provides an environment to practice exploits against approximately forty documented vulnerabilities. Two vulnerabilities are exposed as web services. Mutillidae II delivers tutorials, supporting videos, and database reset functionality. The system is designed to assist students, exam candidates, and professionals in mastering web application security testing.