Labs

OWASP Vulnerable Web Applications Directory | OWASP Foundation

Online:

• OWASP Juice Shop

• Home of Acunetix Art

• Firing Range

• XSS game

• Web Application Exploits and Defenses

• Hackazon

Offline

• https://github.com/appsecco/dvna

• bWAPP, or a buggy web application

• Bricks is a web application security learning platform built on PHP and MySQL

• eoftedal/deserialize: Vulnerable Spring MVC API

• DVWA - Damn Vulnerable Web Application

• snoopysecurity/dvws: Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.

• secvulture/dvta: Damn Vulnerable Thick Client App

• interference-security/DVWS: OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.

• OWASP/NodeGoat: The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

• OWASP/railsgoat: A vulnerable version of Rails that follows the OWASP Top 10

• sqlmapproject/testenv: A collection of web pages vulnerable to SQL injection flaws

• Audi-1/sqli-labs: SQLI labs to test error based, Blind boolean based, Time based.

• WebGoat/WebGoat: WebGoat 8.0

• s4n7h0/xvwa: XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.