Hacker Contests / War Games
- Hackertest
- HackThisSite
- Hellbound Hackers
- Over the Wire wargames
- How2Hack
- Hax.tor
- Try2Hack (lt)
- Try2Hack (nl)
- Hackerslab
- HackQuest
- Mod-X
- Ha.ckers.org challenge 1
- Ha.ckers.org challenge 2
- Roothack
- RootContest
- Enigma Group
- Hackxor
- Smash the Stack
- WeChall
- Net-force.nl
- Trythis0ne
- Certified Secure
- Careercup
- This is Legal
- Security Override
- Dare your mind
- SlyFx
Deliberately Vulnerable Websites
- Acunetix testpage (php)
- Acunetix testpage (asp)
- Acunetix testpage (asp.net)
- IBM Rational testpage
- HP Freebank online
- Cenzic Crackme Bank
- Nmap testpage
Deliberately Insecure Applications
- OWASP WebGoat
- OWASP Vicnum
- OWASP Site Generator
- OWASP Insecure WebApp
- OWASP Broken WebApp
- Hacme Shipping
- Hacme Casino
- Hacme Books
- Hacme Travel
- Hacme Bank
- HacmeBank (OWASP fork)
- WebMaven
- IronGeek Mutillidae
- Damn Vulnerable WebApp (DVWA)
- Stanford Securibench
- BodgeIt
- Butterfly Security Project
- Badstore
- WackoPicko
Deliberately Insecure Distributions
- Bonsai Moth
- Damn Vulnerable Linux
- DeICE LiveCDs
- Web Security Dojo
- LAMP Security
- Metasploitable
- HolyNIX
- pWnOS
Vulnerable 'real' applications
Testing Tools
Security Tool Suites
- Kali Linux
- Backtrack (no longer maintained; use Kali instead)
- OWASP WTE
- Samurai WTF
- Web Security Dojo
- Katana
- DEFT (Forensics)
- REMnux (malware analysis)
- Network Security Toolkit
Frameworks / Testing resources
- Vulnerability Assessment Pentest Framework
- Penetration Testing Execution Standard
- OWASP Testing Guide
- OWASP O2 Platform
- Web Application Security Scanner Evaluation Criteria
- CAPEC
Security Models