vulnerable-web-app

There are 10 repositories under vulnerable-web-app topic.

• OWASP / wrongsecrets

  Vulnerable app with examples showing how to not use secrets

  hashicorp-vaultterraform-awsjavakubernetessecretssecrets-managementvaultdevsecopssecurityawsgcpterraform-gcpazureterraform-azurectfvulnerable-web-appdockerkeepassowasp
  Language:Java 1158

• OWASP / OWASP-VWAD

  The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

  appsecvulnerable-web-appvulnerable-web-applicationvulnerableowasp
  826
• VAmPI

  erev0s / VAmPI

  Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

  apiapi-restsecurity-toolsvulnerable-web-app
  Language:Python 824

• OWASP / Vulnerable-Web-Application

  OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

  vulnerable-web-appwebphpsql-injectionxss-vulnerabilitycommand-executionfile-uploaddirectory-traversalxsssql
  Language:PHP 327

• Checkmarx / capital

  A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

  apisecurityctfvulnerable-web-app
  Language:CSS 258
• UnSAFE_Bank

  lucideus-repo / UnSAFE_Bank

  Vulnerable Banking Suite

  cybersecuritysecurity-vulnerabilitylearnvulnerability-assessmentlearning-by-doingsecurity-testingmobile-securityapplication-securityethical-hackingwhitehathackingvulnerable-applicationsvulnerable-webservervulnerable-android-appsvulnerable-ios-appsvulnerable-web-app
  Language:PHP 139
• template-injection-workshop

  GoSecure / template-injection-workshop

  Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

  templateinjectionappsecvulnerable-web-appcodelabsfreemarkerjinja2twigvelocitytornado
  Language:CSS 119

• lunasec-io / Spring4Shell-POC

  This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

  spring4shellspring4shell-pocvulnerable-web-app
  Language:Python 103

• appsecco / sqlinjection-training-app

  A simple PHP application to learn SQL Injection detection and exploitation techniques.

  vulnerable-appsowasp-top-10sql-injectionexploitappsectraining-appweb-securityapplication-securityvulnerable-web-appowasp-top-ten
  Language:PHP 94

• TheTwitchy / vulnd_xxe

  A server vulnerable to XXE that can be used to test payloads using the xxer tool.

  vulnerable-web-appjavaxml
  Language:Java 25

• sec4you / VulnLabs

  docker-compose bringing up multiple vulnerable applications inside containers.

  docker-composevulnerable-containervulnerabilitiesvulnerable-applicationvulnerable-web-appvulnerabledocker
  18

• OWASP / www-project-vulnerable-web-applications-directory

  The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

  owaspappsecwebappsecvulnerable-web-appvulnerable-applicationsvulnerable-web-application
  Language:HTML 16

• karimtariqx / HackerStories

  This project is a vulnerable web application to practice on. It is designed for educational purposes to help security enthusiasts and developers understand and mitigate common web vulnerabilities.

  bugbountycybersecuritypenetration-testingpentestingvulnerabilityvulnerable-web-app
  Language:PHP 15

• OWASP / www-project-vulnerable-flask-app

  OWASP Foundation Web Respository

  flaskvulnerable-appvulnerable-applicationvulnerable-flask-appowaspowasp-top-10pythonowasp-vulnerable-flask-apprest-apivulnerable-web-appvulnerable-web-applicationvulnerable-restvulnerable-rest-apivulnerable-web-applicationsvulnerable-web-serverweb-pentestweb-hackingweb-pentest-lab
  Language:HTML 13
• vfapi

  naryal2580 / vfapi

  Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

  fastapivulnerablevulnerable-web-appvulnerable-applicationvulnerable-apiowasp-top-10owasp-top-tenowasp-top-ten-2021owasp-top-10-2021webappsqlnosqlrest-api
  Language:Python 9

• OSTEsayed / OSTE-Vulnerable-Web-Application

  Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. Containing some of the most well-known vulnerabilities such as SQL, cross-site scripting (XSS), OS command injections, our intention to expand more vulnerabilities for learning purposes.

  cross-site-scriptingcyber-securityos-command-injectionphpsqlsql-injectionvulnerable-web-appweb-securityweb-vulnerabilityxss-vulnerability
  Language:PHP 9

• omarkurt / ssjs

  SSJS Web Shell Injection Case

  ssjs-webvulnerableinjection-casevulnerable-web-app
  Language:JavaScript 8
• VulnerableLightApp

  Aif4thah / VulnerableLightApp

  Vulnerable API for educational purposes

  vulnerablevulnerable-web-appvulnerable-apihackingpentestapivulnerabilitiesvulnerabilityvulnerability-researchvulnerable-applicationvulnerable-applicationsvulnerable-web-applicationcybersecurity-educationdotneteducational-projecthacking-competitionsvulnerable-serverweb-apihacking-challengeowasp-top-10
  Language:C# 7

• Serhatcck / server-side-prototype-pollution

  A website developed with Nodejs. This website includes server side prototype pollution vulnerability

  nodejsprototype-pollutionvulnerable-web-appserver-side-prototype-pollution
  Language:CSS 7

• wishtack / wishtack-websheep

  ⛔️deprecated and replaced by https://github.com/marmicode/websheep

  csrfjwtdemoattackinfosecsecurityvulnerable-web-appdiscovercors
  Language:JavaScript 6

• yusufarbc / DockerVuln

  A TUI enviorment for vulnerable app containers.

  dockertuivulnerable-applicationvulnerable-containervulnerable-web-app
  Language:Shell 4

• bocajspear1 / mlprtc

  A very vulnerable "medical" web app. Just look at the name.

  vulnerablevulnerable-web-app
  Language:PHP 3

• manuelz120 / extremely-vulnerable-flask-app

  Intentionally vulnerable Python / Flask application, built for educational purposes.

  flaskowasp-top-10python3securitysecurity-trainingvulnerable-web-app
  Language:Python 3

• qwqoro / Mail-Injection

  📧 [Research] E-Mail Injection: Vulnerable applications

  arbitraryarticlecommand-injectioncrlf-injectionemailemail-injectionimapinjectioninjection-attacksinjectionsinput-validationmailresearchsecuritysmtpvulnerabilitiesvulnerable-appvulnerable-applicationvulnerable-web-appvulnerable-web-application
  Language:HTML 3

• sanogotech / Vulnerable-Flask-App

  Erlik 2 - Vulnerable-Flask-App

  appsecflaskhackingowasppenetration-testingvulnerabilitiesvulnerablevulnerable-apivulnerable-flask-appvulnerable-web-appweb-securitywebpentest
  Language:Python 3

• UsagiB4 / Vulnerable-Machines-for-Pentesting-and-Hacking

  This is a collection of vulnerable machines that can help you to learn hacking, pentesting and bug hunting. I know there are a lot of lists out there, but most of them are not updated regularly. So I decided to make on myself. Hope this will help you

  gojsphppythonvulnerable-appvulnerable-applicationvulnerable-containervulnerable-web-app
  3

• bocajspear1 / super-cool-community

  A really cool community web application... that's vulnerable (Made for CNY Hackathon 2019)

  vulnerablevulnerable-web-appwebappcny-hackathonvulnerabilityvulnerable-web-application
  Language:PHP 2

• DotDotSlashRepo / vulnrestdocker

  Vulnerable REST based PHP webservice deployed in Docker

  phpvulnerable-containervulnerable-web-apprest-apiintentionally-vulnerable
  Language:CSS 2

• jib1337 / websandbox

  Small forum website for practicing basic web exploits.

  hackingvulnerablevulnerable-web-app
  Language:PHP 2

• knightr1d3r007 / OWASP_IOTgoat_for_A5-V11_mini_router

  IOTgoat is a vulnerable firmware made by the OWASP project. This is a custom made version of the 'IOTgoat firmware' built for the A5-V11 mini 3G router. This branch brings back the vulnerable IOT firmware back to a real IOT device, for a more realistic experience of IOT device exploitation on a budget.

  iot-applicationiot-devicevulnerable-appvulnerable-web-apppentestingpentesting-iot
  2

• r888800009 / vulnerable-cgi-login-example

  A buffer overflow vulnerable CGI program

  vulnerable-web-appvulnerablecgi-applicationvulnerable-container
  Language:C 2

• sec-zone / vuln_app

  Another vulnerable application for practicing web penetration testing.

  vulnerabilitiesvulnerabilityvulnerable-web-appvulnerable-applicationvulnerable-appvulnerable-containerpenetration-testingpentestingdjango-application
  Language:Python 2

• TheStarkster / Vulnerable-Operations

  A Website with vulnerabilities

  websecurityhackingpenetration-testingvulnerable-web-app
  Language:PHP 2

• viorage / OWASP-Juice-Shop

  Bash script to install docker and OWASPs juice-shop vulnerable webapp. Run this and browse to http://localhost:3000

  owasp-juice-shopinstallation-scriptdocker-installationowasp-top-10vulnerable-web-applicationvulnerable-web-appvulnerable
  Language:Shell 2

• wwt9829 / CSEC-380-Project

  Vulnerable web application created by students using Travis CI, Docker, Flask, and Agile

  student-projectvulnerable-web-appagiletest-driven-developmentdevopsflask
  Language:Python 2

• Hritikpatel / InsecureTrust_Bank

  "InsecureTrust_Bank: Educational repo demonstrating web app vulnerabilities like SQL injection & XSS for security awareness. Use responsibly.

  php8vulnerabilitiesvulnerable-web-appvulnerable-web-applicationweb
  Language:PHP 1