There are 11 repositories under vulnerable-web-app topic.
Vulnerable app with examples showing how to not use secrets
The OWASP Vulnerable Web Applications Directory project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.
OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber
Vulnerable Banking Suite
Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and FreeMarker engines.
This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).
A simple PHP application to learn SQL Injection detection and exploitation techniques.
A server vulnerable to XXE that can be used to test payloads using the xxer tool.
Vulnerable API for educational purposes
The OWASP Vulnerable Web Applications Directory (VWAD) Project - OWASP Web Site
This project is a vulnerable web application to practice on. It is designed for educational purposes to help security enthusiasts and developers understand and mitigate common web vulnerabilities.
OWASP Foundation Web Repository
📧 [Research] E-Mail Injection: Vulnerable applications
Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021
Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. It contains some of the most well-known vulnerabilities, such as SQL, cross-site scripting (XSS) and OS command injections, and our intention is to expand it with more vulnerabilities for learning purposes.
This is a collection of vulnerable machines that can help you to learn hacking, pentesting and bug hunting. I know there are a lot of lists out there, but most of them are not updated regularly. So I decided to make one myself. Hope this will help you.
A website developed with Node.js. This website includes a server-side prototype pollution vulnerability.
⛔️deprecated and replaced by https://github.com/marmicode/websheep
Erlik 2 - Vulnerable-Flask-App
A TUI environment for vulnerable app containers.
ThreatByte is a vulnerable Python (Flask) web application designed to demonstrate some Web Application and API Security risks.
A very vulnerable "medical" web app. Just look at the name.
Small forum website for practicing basic web exploits.
Intentionally vulnerable Python / Flask application, built for educational purposes.
Provides a collection of deliberately vulnerable APIs along with corresponding challenges to help users enhance their skills in identifying, exploiting, and securing API vulnerabilities.
Vulnerable REST based PHP webservice deployed in Docker
LEKIR - Vulnerable by design to help people learn about common web security, dockerized!
InsecureTrust_Bank: Educational repo demonstrating web app vulnerabilities like SQL injection & XSS for security awareness. Use responsibly.
IOTgoat is a vulnerable firmware made by the OWASP project. This is a custom-made version of the 'IOTgoat firmware' built for the A5-V11 mini 3G router. This branch brings the vulnerable IOT firmware back to a real IOT device, for a more realistic experience of IOT device exploitation on a budget.
Intentionally Vulnerable Pages for OWASP ASVS Security Evaluation Templates with Nuclei Project. https://snbig.github.io/Vulnerable-Pages/