NinjaDVA – Our Training Environment
For our IT security trainings we offer a comfortable training environment that can be used flexibly. Whether on site or via the Internet, we can adapt completely to the needs of our customers. In addition, the training participants do not have to set up anything and can use their own laptops with their individual work and development environments.
Unlike all other implementations, our lab is designed to be used by many participants simultaneously during training sessions.
NinjaDVA ("is not just another damn vulnerable application") is the framework of the training environment. It makes it possible to flexibly boot and integrate new VMs with different vulnerabilities at any time. The entry point of the environment is a dashboard that runs various widgets, which communicate with the vulnerable VMs. In addition, the training schedule can be viewed and the lecture content can be tracked specifically for our training offerings. Our customers get an excellent insight into the mindset of a real attacker, because they put themselves in the attacker's role.
In addition to searching for and exploiting vulnerabilities, the participants of our Secure Coding training courses can correct and test the source code of the applications themselves. Furthermore, the participants can communicate with the trainer directly via the application in order to ask specific questions.
NinjaDVA is an open source project, and you are all welcome to contribute to it or to make improvements. You can find the project in the public repository on GitHub: https://github.com/mgm-sp/NinjaDVA
Our colleague Benjamin Kellermann also presented the project at OWASP Day 2017. Further information can be found at: https://www.owasp.org/index.php/German_OWASP_Day_2017
Do you want to refresh or deepen your knowledge or simply get to know our training environment? Please feel free to contact us!