I recommend that participants download and install the Web Security Dojo from Maven Security Consulting before arriving at the workshop. The Dojo is a Ubuntu virtual machine that contains a number of open source security tools and several web applications with intentional security issues that are useful in learning to identify security vulnerabilities. As a virtual machine, the Dojo is a safe, isolated environment for running such tests that cannot affect other systems and that is unreachable by outside attackers.
The Web Security Dojo is available for both the freely available Oracle VirtualBox virtualation platform (which runs on Windows, OS X, or Linux systems) and for the VMWare family of virtualation products.
Downloading and Installing
Before installing the Web Security Dojo you will first need to download and install VirtualBox (version 3.2 or later is required; the current version as of this writing is 4.1.4). Then download the latest VirtualBox version of the Dojo from Sourceforge (currently version 1.2). Then follow Maven's installation instructions or their video tutorial.
If you already have a flavor of VMWare installed on your machine, download the VMWare version of Dojo and follow this instructional video.
One thing to note that isn't immeadiately apparent in Maven's instructions is that wherever you unzip the virtual machine is where it will run, so be sure to place it somewhere where it won't get in the way (I recommend somplace like [My] Documents/Virtual Machines).
If you have trouble with either part of the installation, I can help you with it during the workshop. Please be sure to download both files beforehand, however, as they are large and conference wi-fi is not always the most reliable.