
Vulnerable Web Apps


Last updated 3 years ago

Java

I recommend installing it with Docker (you need docker-compose as well). Inside the project directory, run:

$ docker-compose up

WebGoat Java Web App

git clone https://github.com/hamhc/WebGoat-7.1.git webapp

Python

Php

$ docker run --rm -it -p 80:80 vulnerables/web-dvwa

bWAPP - buggy web application

Javascript

docker pull bkimminich/juice-shop
docker run --rm -p 3000:3000 bkimminich/juice-shop

Get or a dockerized app

Damn Vulnerable Web App. To get it on your machine, I recommend using the Docker image, so you don't need to configure it.

has over 100 vulnerabilities

Juice Shop is written in Node.js, Express and Angular. Get it on

More vulnerable web apps can be found in a curated list here

https://github.com/stamparm/DSVW
https://github.com/anxolerd/dvpwa
https://hub.docker.com/r/vulnerables/web-dvwa/
http://www.itsecgames.com/
https://github.com/bkimminich/juice-shop
https://owasp.org/www-project-vulnerable-web-applications-directory/
GitHub - CSPF-Founder/JavaVulnerableLab: Vulnerable Java based Web Application