BTS PenTesting Lab is an open-source vulnerable web application created by the Cyber Security & Privacy Foundation (www.cysecurity.org). It can be used to learn about many different types of web application vulnerabilities.
Currently, the app contains the following types of vulnerabilities:
- SQL Injection
- XSS (includes Flash-based XSS)
- CSRF
- Clickjacking
- SSRF
- File Inclusion
- Code Execution
- Insecure Direct Object Reference
- Unrestricted File Upload vulnerability
- Open URL Redirection
- Server Side Includes (SSI) Injection, and more