Test Vulnerability Skill
List of offline and downloadable vulnerable web applications for Penetration and Security Testing with that can be installed on a standard operating system (Linux, Windows, Mac OS X, etc) using a standard web platform (Apache/PHP, Tomcat/Java, IIS/.NET, etc).
- The BodgeIt Store (Java): http://code.google.com/p/bodgeit/
- The ButterFly Security Project (PHP): http://sourceforge.net/projects/thebutterflytmp/
- bWAPP - an extremely buggy web application! (PHP): http://www.mmeit.be/bwapp/
- Damn Vulnerable Web Application - DVWA (PHP): http://www.dvwa.co.uk
- Damn Vulnerable Web Services - DVWS (PHP): http://dvws.secureideas.net
- OWASP Hackademic Challenges Project (PHP): https://www.owasp.org/index.php/OWASP_Hackademic_Challenges_Project
- Google Gruyere (Python): http://google-gruyere.appspot.com
- Hacme Bank (.NET): http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx
- Hacme Books (Java): http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx
- Hacme Casino (Ruby on Rails): http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx
- Hacme Shipping (ColdFusion): http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx
- Hacme Travel (C++): http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx
- OWASP Insecure Web App Project (Java): https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project
- Mutillidae (PHP): http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
- OWASP .NET Goat (C#): https://owasp.codeplex.com
- Peruggia (PHP): http://peruggia.sourceforge.net
- Puzzlemall (Java): https://code.google.com/p/puzzlemall/
- Stanford Securibench (Java) & Micro: http://suif.stanford.edu/~livshits/securibench/
- SQLI-labs (PHP): https://github.com/Audi-1/sqli-labs
- SQLol (PHP): https://github.com/SpiderLabs/SQLol
- OWASP Vicnum Project (Perl & PHP): https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project
- VulnApp (.NET): http://www.nth-dimension.org.uk/blog.php?id=88
- WackoPicko (PHP): https://github.com/adamdoupe/WackoPicko
- OWASP WebGoat (Java): https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
- OWASP ZAP WAVE - Web Application Vulnerability Examples (Java): http://code.google.com/p/zaproxy/downloads/list
- Wavsep - Web Application Vulnerability Scanner Evaluation Project (Java): https://code.google.com/p/wavsep/
- WIVET - Web Input Vector Extractor Teaser: https://code.google.com/p/wivet/
Like it ? Share it.