Vulnerable app with examples showing how to not use secrets
Updated Apr 22, 2026 - Java
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing
OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.
Vulnerable Banking Suite
A simple PHP application to learn SQL Injection detection and exploitation techniques.
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and FreeMarker engines.
This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).
The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
Vulnerable API for research and education
Zero trust. Zero security. Total exposure. A deliberately vulnerable health tech platform with AI Chatbot for learning about application security and ethical hacking. It contains vulnerabilities from OWASP top 10 Web, API and AI/LLM Security Vulnerabilities. Highly vulnerable, never use in production.
WebSafeHub - Vulnerable Web App
A server vulnerable to XXE that can be used to test payloads using the xxer tool.
Hands-on secure code review training: learn to find vulnerabilities in Flask, Django, FastAPI through production-quality examples. Whitebox pentesting for modern web frameworks.
Local PHP/MySQL e-wallet application combined with a hands-on cybersecurity demo lab. Implements user/admin auth, balances, transfers, CSRF protection, session timeouts, login lockout, and hashing. Includes a toggleable Vulnerable/Secure lab to demonstrate XSS and session hijacking with real code and mitigations.
Vulnerable web application made with PHP/SQL, designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. It contains some of the most well-known vulnerabilities, such as SQL injection, cross-site scripting (XSS) and OS command injection; our intention is to add more vulnerabilities for learning purposes.
docker-compose bringing up multiple vulnerable applications inside containers.
This project is a vulnerable web application to practice on. It is designed for educational purposes to help security enthusiasts and developers understand and mitigate common web vulnerabilities.
📧 [Research] E-Mail Injection: Vulnerable applications