vulnerable-web-app
There are 64 repositories under vulnerable-web-app topic.
OWASP/wrongsecrets
Vulnerable app with examples showing how to not use secrets
erev0s/VAmPI
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
OWASP/OWASP-VWAD
:warning: This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory
OWASP/Vulnerable-Web-Application
OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
Checkmarx/capital
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
lucideus-repo/UnSAFE_Bank
Vulnerable Banking Suite
GoSecure/template-injection-workshop
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and FreeMarker engines.
appsecco/sqlinjection-training-app
A simple PHP application to learn SQL Injection detection and exploitation techniques.
lunasec-io/Spring4Shell-POC
This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).
OWASP/www-project-vulnerable-web-applications-directory
The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Aif4thah/VulnerableLightApp
Vulnerable API for research and education
TheTwitchy/vulnd_xxe
A server vulnerable to XXE that can be used to test payloads using the xxer tool.
sec4you/VulnLabs
docker-compose bringing up multiple vulnerable applications inside containers.
karimtariqx/HackerStories
This project is a vulnerable web application to practice on. It is designed for educational purposes to help security enthusiasts and developers understand and mitigate common web vulnerabilities.
OSTEsayed/OSTE-Vulnerable-Web-Application
Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. It contains some of the most well-known vulnerabilities, such as SQL, cross-site scripting (XSS), and OS command injections; our intention is to expand to more vulnerabilities for learning purposes.
qwqoro/Mail-Injection
📧 [Research] E-Mail Injection: Vulnerable applications
OWASP/www-project-vulnerable-flask-app
OWASP Foundation Web Repository
naryal2580/vfapi
Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021
dev-angelist/WebSafeHub---Vulnerable-Web-App
WebSafeHub - Vulnerable Web App
UsagiB4/Vulnerable-Machines-for-Pentesting-and-Hacking
This is a collection of vulnerable machines that can help you to learn hacking, pentesting and bug hunting. I know there are a lot of lists out there, but most of them are not updated regularly. So I decided to make one myself. Hope this will help you.
omarkurt/ssjs
SSJS Web Shell Injection Case
Serhatcck/server-side-prototype-pollution
A website developed with Nodejs. This website includes a server-side prototype pollution vulnerability.
anotherik/ThreatByte
ThreatByte is a vulnerable Python (Flask) web application designed to demonstrate some Web Application and API Security risks.
Hritikpatel/InsecureTrust_Bank
InsecureTrust_Bank: Educational repo demonstrating web app vulnerabilities like SQL injection & XSS for security awareness. Use responsibly.
wishtack/wishtack-websheep
⛔️deprecated and replaced by https://github.com/marmicode/websheep
manuelz120/extremely-vulnerable-flask-app
Intentionally vulnerable Python / Flask application, built for educational purposes.
cerberauth/api-vulns-challenges
Provide a collection of deliberately vulnerable APIs along with corresponding challenges to help enhance their skills in identifying, exploiting, and securing API vulnerabilities.
firdauskhairuddin/lekir-docker
LEKIR - Vulnerable by design to help people learn about common web security, dockerized!
sanogotech/Vulnerable-Flask-App
Erlik 2 - Vulnerable-Flask-App
yusufarbc/DockerVuln
A TUI environment for vulnerable app containers.
bocajspear1/mlprtc
A very vulnerable "medical" web app. Just look at the name.
jib1337/websandbox
Small forum website for practicing basic web exploits.
knightr1d3r007/OWASP_IOTgoat_for_A5-V11_mini_router
IOTgoat is a vulnerable firmware made by the OWASP project. This is a custom-made version of the 'IOTgoat firmware' built for the A5-V11 mini 3G router. This branch brings the vulnerable IOT firmware back to a real IOT device, for a more realistic experience of IOT device exploitation on a budget.
Snbig/Vulnerable-Pages
Intentionally Vulnerable Pages for OWASP ASVS Security Evaluation Templates with Nuclei Project. https://snbig.github.io/Vulnerable-Pages/
sec-zone/vuln_app
Another vulnerable application for practicing web penetration testing.