Web App Security Training

TryHackMe | OWASP Juice ShopTryHackMe

TryHackMe | OWASP Mutillidae IITryHackMe

TryHackMe | WebGOATTryHackMe

Vulnerable Web Applications you can spin on your localhost

GitHub - API-Security/APISandbox: Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose.GitHub

GitHub - OWASP/crAPI: completely ridiculous API (crAPI)GitHub

GitHub - dolevf/Damn-Vulnerable-GraphQL-Application: Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.GitHub

GitHub - juice-shop/juice-shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web applicationGitHub

GitHub - digininja/DVWA: Damn Vulnerable Web Application (DVWA)GitHub

GitHub - roottusk/vapi: vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.GitHub

GitHub - s4n7h0/xvwa: XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.GitHub

bWAPP, a buggy web application!

GitHub - moeinfatehi/xss_vulnerability_challenges: this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.GitHub

GitHub - WebGoat/WebGoat: WebGoat is a deliberately insecure applicationGitHub

GitHub - OWASP/railsgoat: A vulnerable version of Rails that follows the OWASP Top 10GitHub

GitHub - webpwnized/mutillidae: OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software. A containerized version of the application is available as a companion project.GitHub

KNOXSS Add-on Test Page

GitHub - OWASP/NodeGoat: The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.GitHub

GitHub - OWASP/SecurityShepherd: Web and mobile application security training platformGitHub

GitHub - Audi-1/sqli-labs: SQLI labs to test error based, Blind boolean based, Time based.GitHub