vulnerable-web-app

There are 11 repositories under vulnerable-web-app topic.

• OWASP / wrongsecrets

  Vulnerable app with examples showing how to not use secrets

  hashicorp-vaultterraform-awsjavakubernetessecretssecrets-managementvaultdevsecopssecurityawsgcpterraform-gcpazureterraform-azurectfvulnerable-web-appdockerkeepassowasp
  Language:Java 1203
• VAmPI

  erev0s / VAmPI

  Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

  apiapi-restsecurity-toolsvulnerable-web-app
  Language:Python 894

• OWASP / OWASP-VWAD

  The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

  appsecowaspvulnerablevulnerable-web-appvulnerable-web-application
  859

• OWASP / Vulnerable-Web-Application

  OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

  vulnerable-web-appwebphpsql-injectionxss-vulnerabilitycommand-executionfile-uploaddirectory-traversalxsssql
  Language:PHP 345

• Checkmarx / capital

  A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

  apisecurityctfvulnerable-web-app
  Language:CSS 270
• UnSAFE_Bank

  lucideus-repo / UnSAFE_Bank

  Vulnerable Banking Suite

  cybersecuritysecurity-vulnerabilitylearnvulnerability-assessmentlearning-by-doingsecurity-testingmobile-securityapplication-securityethical-hackingwhitehathackingvulnerable-applicationsvulnerable-webservervulnerable-android-appsvulnerable-ios-appsvulnerable-web-app
  Language:PHP 149
• template-injection-workshop

  GoSecure / template-injection-workshop

  Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

  appseccodelabsfreemarkerinjectionjinja2templatetornadotwigvelocityvulnerable-web-app
  Language:CSS 119

• lunasec-io / Spring4Shell-POC

  This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

  spring4shellspring4shell-pocvulnerable-web-app
  Language:Python 104

• appsecco / sqlinjection-training-app

  A simple PHP application to learn SQL Injection detection and exploitation techniques.

  vulnerable-appsowasp-top-10sql-injectionexploitappsectraining-appweb-securityapplication-securityvulnerable-web-appowasp-top-ten
  Language:PHP 96

• TheTwitchy / vulnd_xxe

  A server vulnerable to XXE that can be used to test payloads using the xxer tool.

  vulnerable-web-appjavaxml
  Language:Java 25
• VulnerableLightApp

  Aif4thah / VulnerableLightApp

  Vulnerable API for educational purposes

  vulnerablevulnerable-web-appvulnerable-apihackingpentestapivulnerabilitiesvulnerabilityvulnerability-researchvulnerable-applicationvulnerable-applicationsvulnerable-web-applicationcybersecurity-educationdotneteducational-projecthacking-competitionsvulnerable-serverweb-apihacking-challengeowasp-top-10
  Language:C# 24

• OWASP / www-project-vulnerable-web-applications-directory

  The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site

  owaspappsecwebappsecvulnerable-web-appvulnerable-applicationsvulnerable-web-application
  Language:HTML 18

• sec4you / VulnLabs

  docker-compose bringing up multiple vulnerable applications inside containers.

  docker-composevulnerable-containervulnerabilitiesvulnerable-applicationvulnerable-web-appvulnerabledocker
  18

• karimtariqx / HackerStories

  This project is a vulnerable web application to practice on. It is designed for educational purposes to help security enthusiasts and developers understand and mitigate common web vulnerabilities.

  bugbountycybersecuritypenetration-testingpentestingvulnerabilityvulnerable-web-app
  Language:PHP 16

• OWASP / www-project-vulnerable-flask-app

  OWASP Foundation Web Respository

  flaskvulnerable-appvulnerable-applicationvulnerable-flask-appowaspowasp-top-10pythonowasp-vulnerable-flask-apprest-apivulnerable-web-appvulnerable-web-applicationvulnerable-restvulnerable-rest-apivulnerable-web-applicationsvulnerable-web-serverweb-pentestweb-hackingweb-pentest-lab
  Language:HTML 13

• qwqoro / Mail-Injection

  📧 [Research] E-Mail Injection: Vulnerable applications

  arbitraryarticlecommand-injectioncrlf-injectionemailemail-injectionimapinjectioninjection-attacksinjectionsinput-validationmailresearchsecuritysmtpvulnerabilitiesvulnerable-appvulnerable-applicationvulnerable-web-appvulnerable-web-application
  Language:HTML 11
• vfapi

  naryal2580 / vfapi

  Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

  fastapinosqlowasp-top-10owasp-top-10-2021owasp-top-tenowasp-top-ten-2021rest-apisqlvulnerablevulnerable-apivulnerable-applicationvulnerable-web-appwebapp
  Language:Python 9

• OSTEsayed / OSTE-Vulnerable-Web-Application

  Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. Containing some of the most well-known vulnerabilities such as SQL, cross-site scripting (XSS), OS command injections, our intention to expand more vulnerabilities for learning purposes.

  cross-site-scriptingcyber-securityos-command-injectionphpsqlsql-injectionvulnerable-web-appweb-securityweb-vulnerabilityxss-vulnerability
  Language:PHP 9

• omarkurt / ssjs

  SSJS Web Shell Injection Case

  ssjs-webvulnerableinjection-casevulnerable-web-app
  Language:JavaScript 8

• UsagiB4 / Vulnerable-Machines-for-Pentesting-and-Hacking

  This is a collection of vulnerable machines that can help you to learn hacking, pentesting and bug hunting. I know there are a lot of lists out there, but most of them are not updated regularly. So I decided to make on myself. Hope this will help you

  gojsphppythonvulnerable-appvulnerable-applicationvulnerable-containervulnerable-web-app
  7

• Serhatcck / server-side-prototype-pollution

  A website developed with Nodejs. This website includes server side prototype pollution vulnerability

  nodejsprototype-pollutionvulnerable-web-appserver-side-prototype-pollution
  Language:CSS 6

• wishtack / wishtack-websheep

  ⛔️deprecated and replaced by https://github.com/marmicode/websheep

  attackcorscsrfdemodiscoverinfosecjwtsecurityvulnerable-web-app
  Language:JavaScript 6

• sanogotech / Vulnerable-Flask-App

  Erlik 2 - Vulnerable-Flask-App

  appsecflaskhackingowasppenetration-testingvulnerabilitiesvulnerablevulnerable-apivulnerable-flask-appvulnerable-web-appweb-securitywebpentest
  Language:Python 4

• yusufarbc / DockerVuln

  A TUI enviorment for vulnerable app containers.

  dockertuivulnerable-applicationvulnerable-containervulnerable-web-app
  Language:Shell 4

• anotherik / ThreatByte

  ThreatByte is a vulnerable Python (Flask) web application designed to demonstrate some Web Application and API Security risks.

  flask-applicationgoatsqlitetrainingvulnerable-web-appvulnerable-api
  Language:Python 3

• bocajspear1 / mlprtc

  A very vulnerable "medical" web app. Just look at the name.

  vulnerablevulnerable-web-app
  Language:PHP 3

• jib1337 / websandbox

  Small forum website for practicing basic web exploits.

  hackingvulnerablevulnerable-web-app
  Language:PHP 3

• manuelz120 / extremely-vulnerable-flask-app

  Intentionally vulnerable Python / Flask application, built for educational purposes.

  flaskowasp-top-10python3securitysecurity-trainingvulnerable-web-app
  Language:Python 3

• cerberauth / api-vulns-challenges

  Provide a collection of deliberately vulnerable APIs along with corresponding challenges to help enhancing their skills in identifying, exploiting, and securing API vulnerabilities.

  cybersecurityjwtjwt-authenticationvulnerabilityvulnerability-labcybersecurity-educationapiapi-restsecurity-toolsvulnerable-web-app
  Language:Go 2

• DotDotSlashRepo / vulnrestdocker

  Vulnerable REST based PHP webservice deployed in Docker

  phpvulnerable-containervulnerable-web-apprest-apiintentionally-vulnerable
  Language:CSS 2

• firdauskhairuddin / lekir-docker

  LEKIR - Vulnerable by design to help people learn about common web security, dockerized!

  hackinglearning-by-doingvulnerablevulnerable-web-app
  Language:Dockerfile 2

• Hritikpatel / InsecureTrust_Bank

  "InsecureTrust_Bank: Educational repo demonstrating web app vulnerabilities like SQL injection & XSS for security awareness. Use responsibly.

  php8vulnerabilitiesvulnerable-web-appvulnerable-web-applicationweb
  Language:PHP 2

• knightr1d3r007 / OWASP_IOTgoat_for_A5-V11_mini_router

  IOTgoat is a vulnerable firmware made by the OWASP project. This is a custom made version of the 'IOTgoat firmware' built for the A5-V11 mini 3G router. This branch brings back the vulnerable IOT firmware back to a real IOT device, for a more realistic experience of IOT device exploitation on a budget.

  iot-applicationiot-devicevulnerable-appvulnerable-web-apppentestingpentesting-iot
  2

• sec-zone / vuln_app

  Another vulnerable application for practicing web penetration testing.

  vulnerabilitiesvulnerabilityvulnerable-web-appvulnerable-applicationvulnerable-appvulnerable-containerpenetration-testingpentestingdjango-application
  Language:Python 2

• Snbig / Vulnerable-Pages

  Intentionally Vulnerable Pages for OWASP ASVS Security Evaluation Templates with Nuclei Project. https://snbig.github.io/Vulnerable-Pages/

  asvsnucleiowasppentestvulnerable-web-appwstg
  Language:Python 2

• th3r4ven / XSS-WEB-APP

  xssxss-vulnerabilityxss-pocwebsiteblogvulnerable-web-appvulnerable-applicationflaskpythonsecurity
  Language:Python 2