EPISODE · Nov 11, 2025 · 14 MIN
Course 1 - BurpSuite Bug Bounty Web Hacking from Scratch | Episode 1: Installing Burp Suite, OWASP BWA, and Bee-Box (Bwapp)
from CyberCode Academy · host CyberCode Academy
In this lesson, you’ll learn about:
- Setting up a web security testing lab to practice web application security, pentesting, and exploiting common web vulnerabilities.
- Burp Suite (installation & overview): Java requirement (Oracle Java); download from portswigger.net; available editions: Community (free, limited/no scanners/payloads) and Professional (paid, includes passive/active scanners and built-in payloads); installation options (Windows executables or cross-platform JAR).
- OWASP Broken Web Applications (BWA): purpose as a vulnerable VM for learning and testing; requires VirtualBox and is imported as a ready OS image (no new VM creation); includes apps like WebGoat and Mutillidae; default VM credentials (root / OWSP DWA).
- Bee-Box (Bwapp) VM: Bee-Box ships with bwapp (a deliberately insecure web app) for hands-on practice; covers OWASP Top 10 flaws and other common issues; practice modes (low/medium/high); downloaded from SourceForge and run in virtualization software (e.g., VMware); access via VM IP and default bwapp creds (B / bug).
- Practical workflow: use Burp Suite as the main inspection/proxy tool against the vulnerable VMs (BWA, Bee-Box) to practice discovery, exploitation, and remediation techniques.
- Learning goal / metaphor: this episode provides your core toolkit: the primary assessment tool (Burp Suite) and two practice targets (BWA and Bee-Box) for safe, repeatable skill development.
You can listen to and download our episodes for free on more than 10 different platforms: https://linktr.ee/cybercode_academy