Last updated 3 years ago
Online:
OWASP Juice Shop
Home of Acunetix Art
Firing Range
XSS game
Web Application Exploits and Defenses
Hackazon
Offline
https://github.com/appsecco/dvna
bWAPP, or a buggy web application
Bricks is a web application security learning platform built on PHP and MySQL
eoftedal/deserialize: Vulnerable Spring MVC API
DVWA - Damn Vulnerable Web Application
snoopysecurity/dvws: Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.
secvulture/dvta: Damn Vulnerable Thick Client App
interference-security/DVWS: OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
OWASP/NodeGoat: The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
OWASP/railsgoat: A vulnerable version of Rails that follows the OWASP Top 10
sqlmapproject/testenv: A collection of web pages vulnerable to SQL injection flaws
Audi-1/sqli-labs: SQLI labs to test error based, Blind boolean based, Time based.
WebGoat/WebGoat: WebGoat 8.0
s4n7h0/xvwa: XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.