NinjaDVA – Our Training Environment
For our IT security trainings we offer a comfortable training environment. This can be used flexibly. Whether on site or via the Internet, we can adapt completely to the needs of our customers. In addition, the training participants do not have to set up anything and can use their own laptops and their individual work and development environment.
Unlike all other implementations, our lab is designed to be used by many participants simultaneously during training sessions.
The NinjaDVA (is not just another damn vulnerable application) is the framework of the training environment and offers the possibility to flexibly boot and integrate new VMs with different vulnerabilities at any time. The entry point of the environment is a dashboard that runs various widgets that communicate with the vulnerable VMs. In addition, the training schedule can be viewed and the lecture content can be tracked specifically for our training offerings. Our customers get an excellent insight into the mindset of a real attacker, because they put themselves in his role.
The participants of our Secure Coding training courses can, in addition to searching for and exploiting vulnerabilities, correct and test the source code of the applications themselves. Furthermore, the participants can communicate with the trainer directly via the application in order to ask specific questions.
The NinjaDVA is an OpenSource project and you are all welcome to contribute to it or to make improvements. You can find the project in the public repository at Github: https://github.com/mgm-sp/NinjaDVA
Our colleague Benjamin Kellermann also presented the project at the OWASP Day 2017. Further information can be found at: https://www.owasp.org/index.php/German_OWASP_Day_2017
Do you want to refresh or deepen your knowledge or simply get to know our training environment? Please feel free to contact us!
CSRF stands for “Cross-Site Request Forgery” and is a classic among web application attacks. With this attack, it is possible to perform certain user actions without them noticing it. But how exactly does this attack work?
At the it-sa 2019 we will present our innovative consulting concept Lean Application Security.
Our second office is located in Dresden, the capital of Saxony. Come have a look at our office there!
With the topic “How practical is DevSecOps really? – A field report” our colleague Maximiliane Zirm is present at this year’s Heise devSec.
In our Big Application Security Penetration Test FAQ for clients we answer everything you should know before, during and after the commissioning of an Application Security Penetration Test.
In focus today: : Questions #7 and #8 – What is a penetration test? And what is it not?