begood

Vulnerable Web Applications for learning


Just a quick post. Someone on the ‘NULL’ mailing list asked for WebGoat alternatives to learning Web Application penetration testing. The response was amazing, with many applications being listed as vulnerable web applications designed for learning web-app pentest. I have collected all vulnerable web applications and listed them below for reference:

1. SPI Dynamics (live) – http://zero.webappsecurity.com/

2. Cenzic (live) – http://crackme.cenzic.com/

3. Watchfire (live) – http://demo.testfire.net/

4. Acunetix (live) – http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com

5. PCTechtips Challenge (live) - http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/

6. Damn Vulnerable Web Application – http://dvwa.co.uk/

7. Mutillidae – http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

8. The Butterfly Security Project – http://sourceforge.net/projects/thebutterflytmp/files/ButterFly%20Project/

9. Hacme Casino – http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm

10. Hacme Bank 2.0 – http://www.foundstone.com/us/resources/proddesc/hacmebank.htm

11. Updated HackmeBank – http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html

12. Hacme Books – http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm

13. Hacme Travel – http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm

14. Hacme Shipping - http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm

15. OWASP WebGoat – http://www.owasp.org/index.php/OWASP_WebGoat_Project

16. OWASP Vicnum – http://www.owasp.org/index.php/Category:OWASP_Vicnum_Project

17. OWASP InsecureWebApp – http://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project

18. OWASP SiteGenerator – http://www.owasp.org/index.php/Owasp_SiteGenerator

19. Moth - http://www.bonsai-sec.com/en/research/moth.php

20. Stanford SecuriBench – http://suif.stanford.edu/~livshits/securibench/

21. SecuriBench Micro – http://suif.stanford.edu/~livshits/work/securibench-micro/

22. BadStore – http://www.badstore.net/

23. WebMaven/Buggy Bank – http://www.mavensecurity.com/webmaven (very old)

24. Exploit-DB – http://www.exploit-db.com/webapps (some vulnerable web applications are provided as downloads)

securitythoughts.wordpress.com
