Labs

OWASP Vulnerable Web Applications Directory | OWASP Foundation

Online:

• OWASP Juice Shop

• Home of Acunetix Art

• Firing Range

• XSS game

• Web Application Exploits and Defenses

• Hackazon

Offline

• https://github.com/appsecco/dvna
• bWAPP, or a buggy web application
• Bricks is a web application security learning platform built on PHP and MySQL
• eoftedal/deserialize: Vulnerable Spring MVC API
• DVWA - Damn Vulnerable Web Application
• snoopysecurity/dvws: Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.
• secvulture/dvta: Damn Vulnerable Thick Client App
• interference-security/DVWS: OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
• OWASP/NodeGoat: The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
• OWASP/railsgoat: A vulnerable version of Rails that follows the OWASP Top 10
• sqlmapproject/testenv: A collection of web pages vulnerable to SQL injection flaws
• Audi-1/sqli-labs: SQLI labs to test error based, Blind boolean based, Time based.
• WebGoat/WebGoat: WebGoat 8.0
• s4n7h0/xvwa: XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.