Appliances from the Parallels and VMWare appliance store make it very easy to set up a quick and dirty lab to practice security assessment skills. Want to try a new tool, or test a new approach for assessing a web application? Download an old, out of date, unpatched appliance with an older OS and app and you have a great target.
You can even do this for next to no cost. If you have a pretty beefy workstation or an old box laying around, do a base install of Windows, then install VMWare Player and you have what you need. Our team uses these virtual appliances in on-the-fly games of capture the flag, for skills practice and testing and for looking at new vulnerability patterns and threat vectors.
You will be amazed at just how easy setting up an effective security testing lab is when you combine virtual appliances with Live CDs. Together, they let you turn that machine graveyard behind your desk into a whole new playland. Live CDs are available for a ton of platforms, OS and application deployments. In most cases, you don’t even need a hard disk at all to get them up and running fully. Check them out and see just how far you can extend them into your new lab. Some of my favorites are Damn Small Linux, Puppy Linux, Knoppix, and BackTrack.
Using these two types of cheap approaches, you can build an easy testing lab for less than the cost of a new PC. Give it a shot and let me know how it goes!