search

Vulnerable Web Apps

hashtag
Java

LogoGitHub - CSPF-Founder/JavaVulnerableLab: Vulnerable Java based Web ApplicationGitHubchevron-right

I recommend installing it with docker (you need docker-compose as well). Inside the project directory run

hashtag
WebGoat Java Web App

git clone https://github.com/hamhc/WebGoat-7.1.git webapp

hashtag
Python

Get https://github.com/stamparm/DSVWarrow-up-right or a dockerized app https://github.com/anxolerd/dvpwaarrow-up-right

hashtag
Php

Damn Vulnerable Web App. To get it on your machine I recommend to use the docker image, so you don't need to configure it https://hub.docker.com/r/vulnerables/web-dvwa/arrow-up-right

bWAPP - buggy web application

http://www.itsecgames.com/arrow-up-right has over 100 vulnerabilities

hashtag
Javascript

Juice Shop is written in Node.js, Express and Angular. Get it on https://github.com/bkimminich/juice-shoparrow-up-right

circle-check

More vulnerable web apps can be found in a curated list here https://owasp.org/www-project-vulnerable-web-applications-directory/arrow-up-right

PreviousSelf-hosted Training LabNextWeb Security testing Methodology

Last updated