CyberSecurity
Search
Ctrl + K
Web App Security Training
Vulnerable Web Applications you can spin on your localhost
Previous
Dumpground
Next
Infrastructure
Last updated
4 months ago
TryHackMe | WebGOAT
TryHackMe
GitHub - OWASP/crAPI: completely ridiculous API (crAPI)
GitHub
TryHackMe | OWASP Juice Shop
TryHackMe
GitHub - API-Security/APISandbox: Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose.
GitHub
TryHackMe | OWASP Mutillidae II
TryHackMe
GitHub - juice-shop/juice-shop: OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
GitHub
GitHub - s4n7h0/xvwa: XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
GitHub
GitHub - roottusk/vapi: vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.
GitHub
GitHub - dolevf/Damn-Vulnerable-GraphQL-Application: Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.
GitHub
bWAPP, a buggy web application!
GitHub - digininja/DVWA: Damn Vulnerable Web Application (DVWA)
GitHub
GitHub - moeinfatehi/xss_vulnerability_challenges: this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.
GitHub
GitHub - WebGoat/WebGoat: WebGoat is a deliberately insecure application
GitHub
GitHub - webpwnized/mutillidae: OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software. A containerized version of the application is available as a companion project.
GitHub
GitHub - OWASP/NodeGoat: The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
GitHub
KNOXSS Add-on Test Page
GitHub - OWASP/SecurityShepherd: Web and mobile application security training platform
GitHub
GitHub - Audi-1/sqli-labs: SQLI labs to test error based, Blind boolean based, Time based.
GitHub
GitHub - OWASP/railsgoat: A vulnerable version of Rails that follows the OWASP Top 10
GitHub