📙
AppSec
  • Overview
  • Write Ups Compilations/Resources
  • Main Resources
  • Labs
  • Cross Site Request Forgery
    • Cross Site Request Forgery (CSRF)
      • Write-ups
      • Source Code Examples
      • Labs
  • Missing Access Controls
    • Missing Access Controls
      • Write-ups
      • Source Code Examples
      • Resources
      • Testing Tips
  • LFI / Directory Traversal
    • Local File Inclusion
      • Local File Inclusion Writeups
      • Source Code Examples
      • Labs
  • XXE
    • XML External Entity (XXE)
      • Write-ups
      • Source Code Examples
      • Labs
      • More Writeups
      • Payloads
      • Resources
  • Injection
    • Command Injection
      • Writeups
    • Server-Side Template Injection
      • Server-Side Template Injection Writeups
      • More Write-ups
      • Source Code Examples
      • Labs
      • Resources
      • Payloads
      • Tools
    • SQL Injection
      • SQLI Write-ups
      • Source Code Examples
      • More Write-ups
      • Labs
      • Resources & Tools
  • SSRF
    • Server-Side Request Forgery (SSRF)
      • SSRF Write-ups
      • Source Code Review
  • Unvalidated Redirects and Forwards
    • Unvalidated Redirects and Forwards
      • Writeups
      • Source Code Examples
  • Verbose Error Messages and Stack Traces
    • Verbose Error Messages and Stack Traces
      • Write-ups
Powered by GitBook
On this page

Labs

PreviousMain ResourcesNextCross Site Request Forgery (CSRF)

Last updated 4 years ago

Was this helpful?

CtrlK

Was this helpful?

Online:

  • OWASP Juice Shop

  • Home of Acunetix Art

  • Firing Range

  • XSS game

  • Web Application Exploits and Defenses

  • Hackazon

Offline

  • https://github.com/appsecco/dvna

  • bWAPP, or a buggy web application

  • Bricks is a web application security learning platform built on PHP and MySQL

  • eoftedal/deserialize: Vulnerable Spring MVC API

DVWA - Damn Vulnerable Web Application
snoopysecurity/dvws: Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities.
secvulture/dvta: Damn Vulnerable Thick Client App
interference-security/DVWS: OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
OWASP/NodeGoat: The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
OWASP/railsgoat: A vulnerable version of Rails that follows the OWASP Top 10
sqlmapproject/testenv: A collection of web pages vulnerable to SQL injection flaws
Audi-1/sqli-labs: SQLI labs to test error based, Blind boolean based, Time based.
WebGoat/WebGoat: WebGoat 8.0
s4n7h0/xvwa: XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
OWASP Vulnerable Web Applications Directory | OWASP Foundation
Logo