Samurai WTF
The best security training environment for developers and AppSec professionals.
OWASP SamuraiWTF is a complete Linux desktop for use in application security training. It is free and open-source, distributed both as pre-built VMs and as source code. The source consists of a Vagrantfile, static assets, and build scripts. During the build process, it retrieves a variety of tools and training targets. Most of these are open-source projects managed by their own respective teams and contributors.
Some examples are:
- OWASP Juice Shop
- OWASP Zed Attack Proxy
- Mutillidae
- SQLMap
It also includes some proprietary software, such as the Community Edition of PortSwigger's Burp Suite.
This project is not a vulnerable application. It is a framework designed for quickly configuring training virtual machines with tools and vulnerable application targets. For example, an instructor could use SamuraiWTF to easily set up a virtual machine image containing OWASP ZAP and OWASP Juice Shop, and then distribute it to each student as a training lab environment.
This project includes and uses the Samurai Katana project to manage the installation and running of tools and targets in the virtual environment.