OWASP Samurai Web Training Framework

OWASP SamuraiWTF

The best security training environment for Developers and AppSec Professionals

About

OWASP SamuraiWTF is a complete Linux desktop for use in application security training. It is free and open-source, distributed both as pre-built VMs and as source code. The source consists of a Vagrantfile, static assets, and build scripts. During the build process, it retrieves a variety of tools and training targets. Most of these are open-source projects managed by their own respective teams and contributors. Some examples are:

  • OWASP Juice Shop
  • OWASP Zed Attack Proxy
  • Mutillidae
  • SQLMap

It also includes some proprietary software, such as the Community Edition of PortSwigger's Burp Suite.

OWASP SamuraiWTF welcomes and encourages issues on the GitHub repository for bug reports and enhancement requests. If you have the skills to contribute, pull requests are also always welcome.

History

OWASP SamuraiWTF was created in August of 2008. Originally it was a bootable environment designed to provide web application testing tools. The goal was to mimic BackTrack (now Kali Linux) but focus only on the tools used during a web penetration test. The bootable ISO was hosted on SourceForge and updated as the team found time. Over the years the bootable ISO was retired and virtual machines became the primary distribution.

Around 2016, the SamuraiWTF project team made two big changes. First, the project was moved to GitHub to enable better coordination between developers. Second, the team started to focus on building out a training environment instead of just a testing platform. Knowledge sharing is a core part of the team's ethics and fits naturally with open-source principles.

The current version 5.0 is based on Vagrant. This allows the team to support multiple environments and platforms. For example, the main branch supports being built in AWS and as a local virtual machine.

Core Contributors

Kevin Johnson


Kevin Johnson is the Chief Executive Officer of Secure Ideas. Kevin has a long history in the IT field including system administration, network architecture and application development. He has been involved in building incident response and forensic teams, architecting security solutions for large enterprises and penetration testing everything from government agencies to Fortune 100 companies. In addition, Kevin is a faculty member at IANS and was an instructor and author for the SANS Institute.

Jason Gillam


Jason Gillam is Chief Information Officer (CIO) at Secure Ideas and an IANS faculty member. He has over 20 years of industry experience in enterprise software development, system architecture, and application security. Jason has spent most of his career in technical leadership roles ranging from startups to Fortune 100 companies and has learned the business acumen necessary to advise everyone from developers to senior executives on security and architecture.

Mic Whitehorn-Gillam


Mic Whitehorn-Gillam is a senior security consultant for Secure Ideas. Before entering the information security field he spent about a decade in web application architecture and development, and nearly five years in systems integration consulting. He possesses broad knowledge across many programming languages ranging from legacy COBOL to enterprise Java and C# to modern Ruby, Python, and JavaScript.

Alumni

Justin Searle

Sponsors