Everyone has heard the old adage that practice makes perfect. In security nothing is ever perfect, but practicing exploiting vulnerabilities can make it easy to avoid breaches and help make sure that best practices are being followed. One of the best places to do this is in a sandbox environment. A sandbox is a specifically designed area on a server that is dedicated to testing and experimentation. This means that you can't really break it. The system isn't tied to anything important, and its sole purpose is for the user to push its boundaries. Two pretty good security sandboxes, especially for beginners, can be found at https://google-gruyere.appspot.com/ and www.hackthissite.org/.
The Gruyere application has been designed by Google to teach people basic weaknesses in web design. It walks the user through several tutorials, which deal with both basic black box and white box hacking. Black box hacking refers to finding weaknesses in a system through, more or less, trial and error. The user basically experiments with inputs and parameters until they find a weak point they can exploit. White box hacking refers to using source code to find bugs in the programming.
Hackthissite is a different kind of web site in that it doesn't offer a walkthrough for its challenges and puzzles, and it is more of a hacker community project. Essentially, you have to sign up to use any of the site's resources, but once you do, you are provided with a variety of puzzles and challenges ranging from the most basic to very complicated hacking trials. The site also includes a discussion board for talking about new techniques and bouncing around ideas.
There are many more sites like these, which can be found on the internet. These are just a couple that are pretty well known.