OWASP_Broken_Web_Apps_VM_1.1 released - collection of vulnerable web applications on Virtual Machine

The Open Web Application Security Project (OWASP) Broken Web Applications Project is a collection of vulnerable web applications distributed on a Virtual Machine in VMware format, compatible with VMware's no-cost and commercial products.

More information about the project can be found at http://www.owaspbwa.org/.

The VM can be downloaded as a .zip file or as a much smaller .7z 7-zip Archive. BOTH FILES CONTAIN THE EXACT SAME VM! We recommend that you download the .7z archive if possible to save bandwidth (and time). 7-zip is available for Windows, Mac, Linux, and other Operating Systems.

!!! This VM has many serious security issues. We strongly recommend that you run it only on the "host only" or "NAT" network in the virtual machine settings !!!
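
The network recommendation above can be checked before first boot by reading the VM's .vmx file. This is an added example, not part of the OWASP BWA project; it assumes the standard VMware `ethernetN.present` and `ethernetN.connectionType` keys and that a missing `connectionType` means bridged, and the sample input is constructed.

```python
import re

# Connection types that keep the guest off the physical LAN.
SAFE_TYPES = {"hostonly", "nat"}

# Matches lines such as: ethernet0.connectionType = "nat"
_LINE = re.compile(r'^\s*ethernet(\d+)\.(\w+)\s*=\s*"([^"]*)"\s*$', re.IGNORECASE)


def exposed_adapters(vmx_text):
    """Return {adapter_index: connection_type} for every enabled adapter
    that is not on a host-only or NAT network."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = _LINE.match(line)
        if m:
            idx, key, value = int(m.group(1)), m.group(2).lower(), m.group(3)
            adapters.setdefault(idx, {})[key] = value.lower()
    exposed = {}
    for idx, cfg in sorted(adapters.items()):
        if cfg.get("present") != "true":
            continue  # adapter disabled or not defined
        # Assumption: VMware treats a missing connectionType as bridged.
        ctype = cfg.get("connectiontype", "bridged")
        # "custom" is reported too: whether it is safe depends on the
        # VMnet it maps to, so it needs a manual look.
        if ctype not in SAFE_TYPES:
            exposed[idx] = ctype
    return exposed


# Constructed sample input, not taken from the real OWASP BWA .vmx file.
SAMPLE_VMX = '''\
displayName = "OWASP BWA (sample)"
memsize = "1024"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "bridged"
ethernet2.present = "TRUE"
ethernet3.present = "FALSE"
ethernet3.connectionType = "bridged"
'''

if __name__ == "__main__":
    for idx, ctype in exposed_adapters(SAMPLE_VMX).items():
        print(f"ethernet{idx}: {ctype} -> switch to host-only or NAT")
```
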
Version 1.1 - 2013-07-30

  • Updated Mutillidae, Cyclone, and WAVSEP
  • Updated OWASP Bricks and configured it to pull from SVN
  • Fixed ModSecurity CRS blocking and rebuilt ModSecurity to include Lua support
  • Increased VM's RAM allocation to 1Gb
  • Set Tomcat to run as root (to allow some traversal issues tested by WAVSEP)
  • Updated landing page for OWASP 1-Liner to reflect that the application is not fully functional
