NinjaDVA – Our Training Environment

Nov 6, 2019

For our IT security trainings we offer a comfortable training environment. This can be used flexibly. Whether on site or via the Internet, we can adapt completely to the needs of our customers. In addition, the training participants do not have to set up anything and can use their own laptops and their individual work and development environment.
Unlike all other implementations, our lab is designed to be used by many participants simultaneously during training sessions.

The NinjaDVA (is not just another damn vulnerable application) is the framework of the training environment and offers the possibility to flexibly boot and integrate new VMs with different vulnerabilities at any time. The entry point of the environment is a dashboard that runs various widgets that communicate with the vulnerable VMs. In addition, the training schedule can be viewed and the lecture content can be tracked specifically for our training offerings. Our customers get an excellent insight into the mindset of a real attacker, because they put themselves in his role.


NinjaDVA - Our Training Environment

The participants of our Secure Coding training courses can, in addition to searching for and exploiting vulnerabilities, correct and test the source code of the applications themselves. Furthermore, the participants can communicate with the trainer directly via the application in order to ask specific questions.

The NinjaDVA is an OpenSource project and you are all welcome to contribute to it or to make improvements. You can find the project in the public repository at Github:

Our colleague Benjamin Kellermann also presented the project at the OWASP Day 2017. Further information can be found at:


Do you want to refresh or deepen your knowledge or simply get to know our training environment? Please feel free to contact us!

Recent posts

Attack Afternoon – CSRF

CSRF stands for “Cross-Site Request Forgery” and is a classic among web application attacks. With this attack, it is possible to perform certain user actions without them noticing it. But how exactly does this attack work?

read more

mgm sp @ Dresden

Our second office is located in Dresden, the capital of Saxony. Come have a look at our office there!

read more

mgm sp @ Heise DevSec

With the topic “How practical is DevSecOps really? – A field report” our colleague Maximiliane Zirm is present at this year’s Heise devSec. 

read more