vulnerable-web-app

There are 11 repositories under vulnerable-web-app topic.

• OWASP / wrongsecrets

  Vulnerable app with examples showing how to not use secrets

  awsazurectfdevsecopsdockergcphashicorp-vaultjavakeepasskubernetesowaspsecretssecrets-managementsecurityterraform-awsterraform-azureterraform-gcpvaultvulnerable-web-app
  Language:Java 1367
• VAmPI

  erev0s / VAmPI

  Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

  apiapi-restsecurity-toolsvulnerable-web-app
  Language:Python 1041

• OWASP / OWASP-VWAD

  :warning: This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory

  appsecvulnerable-web-appvulnerable-web-applicationvulnerableowasp
  879

• OWASP / Vulnerable-Web-Application

  OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

  vulnerable-web-appwebphpsql-injectionxss-vulnerabilitycommand-executionfile-uploaddirectory-traversalxsssql
  Language:PHP 396

• Checkmarx / capital

  A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

  apisecurityctfvulnerable-web-app
  Language:CSS 304
• UnSAFE_Bank

  lucideus-repo / UnSAFE_Bank

  Vulnerable Banking Suite

  cybersecuritysecurity-vulnerabilitylearnvulnerability-assessmentlearning-by-doingsecurity-testingmobile-securityapplication-securityethical-hackingwhitehathackingvulnerable-applicationsvulnerable-webservervulnerable-android-appsvulnerable-ios-appsvulnerable-web-app
  Language:PHP 166
• template-injection-workshop

  GoSecure / template-injection-workshop

  Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

  appseccodelabsfreemarkerinjectionjinja2templatetornadotwigvelocityvulnerable-web-app
  Language:CSS 128

• appsecco / sqlinjection-training-app

  A simple PHP application to learn SQL Injection detection and exploitation techniques.

  vulnerable-appsowasp-top-10sql-injectionexploitappsectraining-appweb-securityapplication-securityvulnerable-web-appowasp-top-ten
  Language:PHP 123

• lunasec-io / Spring4Shell-POC

  This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

  spring4shellspring4shell-pocvulnerable-web-app
  Language:Python 107

• OWASP / www-project-vulnerable-web-applications-directory

  The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

  owaspappsecwebappsecvulnerable-web-appvulnerable-applicationsvulnerable-web-application
  Language:HTML 67
• VulnerableLightApp

  Aif4thah / VulnerableLightApp

  Vulnerable API for research and education

  vulnerablevulnerable-web-appvulnerable-apihackingpentestapivulnerable-applicationvulnerable-web-applicationcybersecurity-educationdotneteducational-projecthacking-competitionsvulnerable-serverweb-apihacking-challengeowasp-top-10cybersecurity-trainingdockerresearchresearch-and-development
  Language:C# 47

• aligorithm / Zero-Health

  Zero trust. Zero security. Total exposure. A deliberately vulnerable health tech platform with AI Chatbot for learning about application security and ethical hacking. It contains vulnerabilities from OWASP top 10 Web, API and AI/LLM Security Vulnerabilities. Highly vulnerable, never use in production.

  appsecctfhackingowasppentestingsecurityvulnerable-web-app
  Language:JavaScript 27

• TheTwitchy / vulnd_xxe

  A server vulnerable to XXE that can be used to test payloads using the xxer tool.

  javavulnerable-web-appxml
  Language:Java 26

• dev-angelist / WebSafeHub---Vulnerable-Web-App

  WebSafeHub - Vulnerable Web App

  awarenesscrosssitescriptingcsrfdvwasecurecodesecuritybydesignsqlisqlinjectionvulnerable-web-appvulnerable-web-applicationwaptwaptxwebbappsecuritywebsecurityxss
  Language:PHP 22

• sec4you / VulnLabs

  docker-compose bringing up multiple vulnerable applications inside containers.

  dockerdocker-composevulnerabilitiesvulnerablevulnerable-applicationvulnerable-containervulnerable-web-app
  19

• qwqoro / Mail-Injection

  📧 [Research] E-Mail Injection: Vulnerable applications

  arbitraryarticlecommand-injectioncrlf-injectionemailemail-injectionimapinjectioninjection-attacksinjectionsinput-validationmailresearchsecuritysmtpvulnerabilitiesvulnerable-appvulnerable-applicationvulnerable-web-appvulnerable-web-application
  Language:HTML 18

• karimtariqx / HackerStories

  This project is a vulnerable web application to practice on. It is designed for educational purposes to help security enthusiasts and developers understand and mitigate common web vulnerabilities.

  bugbountycybersecuritypenetration-testingpentestingvulnerabilityvulnerable-web-app
  Language:PHP 17

• OSTEsayed / OSTE-Vulnerable-Web-Application

  Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. Containing some of the most well-known vulnerabilities such as SQL, cross-site scripting (XSS), OS command injections, our intention to expand more vulnerabilities for learning purposes.

  cross-site-scriptingcyber-securityos-command-injectionphpsqlsql-injectionvulnerable-web-appweb-securityweb-vulnerabilityxss-vulnerability
  Language:PHP 15

• OWASP / www-project-vulnerable-flask-app

  OWASP Foundation Web Respository

  flaskvulnerable-appvulnerable-applicationvulnerable-flask-appowaspowasp-top-10pythonowasp-vulnerable-flask-apprest-apivulnerable-web-appvulnerable-web-applicationvulnerable-restvulnerable-rest-apivulnerable-web-applicationsvulnerable-web-serverweb-pentestweb-hackingweb-pentest-lab
  Language:HTML 14
• vfapi

  naryal2580 / vfapi

  Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

  fastapivulnerablevulnerable-web-appvulnerable-applicationvulnerable-apiowasp-top-10owasp-top-tenowasp-top-ten-2021owasp-top-10-2021webappsqlnosqlrest-api
  Language:Python 13

• omarkurt / ssjs

  SSJS Web Shell Injection Case

  injection-casessjs-webvulnerablevulnerable-web-app
  Language:JavaScript 9

• UsagiB4 / Vulnerable-Machines-for-Pentesting-and-Hacking

  This is a collection of vulnerable machines that can help you to learn hacking, pentesting and bug hunting. I know there are a lot of lists out there, but most of them are not updated regularly. So I decided to make on myself. Hope this will help you

  gojsphppythonvulnerable-appvulnerable-applicationvulnerable-containervulnerable-web-app
  9

• Serhatcck / server-side-prototype-pollution

  A website developed with Nodejs. This website includes server side prototype pollution vulnerability

  nodejsprototype-pollutionvulnerable-web-appserver-side-prototype-pollution
  Language:CSS 8

• anotherik / ThreatByte

  ThreatByte is a vulnerable Python (Flask) web application designed to demonstrate some Web Application and API Security risks.

  flask-applicationgoatsqlitetrainingvulnerable-apivulnerable-web-app
  Language:Python 6

• firdauskhairuddin / lekir-docker

  LEKIR - Vulnerable by design to help people learn about common web security, dockerized!

  hackinglearning-by-doingvulnerablevulnerable-web-app
  Language:Dockerfile 6

• manuelz120 / extremely-vulnerable-flask-app

  Intentionally vulnerable Python / Flask application, built for educational purposes.

  flaskowasp-top-10python3securitysecurity-trainingvulnerable-web-app
  Language:Python 6

• wishtack / wishtack-websheep

  ⛔️deprecated and replaced by https://github.com/marmicode/websheep

  attackcorscsrfdemodiscoverinfosecjwtsecurityvulnerable-web-app
  Language:JavaScript 6

• cerberauth / api-vulns-challenges

  Provide a collection of deliberately vulnerable APIs along with corresponding challenges to help enhancing their skills in identifying, exploiting, and securing API vulnerabilities.

  cybersecurityjwtjwt-authenticationvulnerabilityvulnerability-labcybersecurity-educationapiapi-restsecurity-toolsvulnerable-web-appchallenge
  Language:Go 5

• Hritikpatel / InsecureTrust_Bank

  "InsecureTrust_Bank: Educational repo demonstrating web app vulnerabilities like SQL injection & XSS for security awareness. Use responsibly.

  php8vulnerabilitiesvulnerable-web-appvulnerable-web-applicationweb
  Language:PHP 5

• sanogotech / Vulnerable-Flask-App

  Erlik 2 - Vulnerable-Flask-App

  appsecflaskhackingowasppenetration-testingvulnerabilitiesvulnerablevulnerable-apivulnerable-flask-appvulnerable-web-appweb-securitywebpentest
  Language:Python 4

• yusufarbc / DockerVuln

  A TUI enviorment for vulnerable app containers.

  dockertuivulnerable-applicationvulnerable-containervulnerable-web-app
  Language:Shell 4

• jib1337 / websandbox

  Small forum website for practicing basic web exploits.

  vulnerable-web-appvulnerablehacking
  Language:PHP 3

• knightr1d3r007 / OWASP_IOTgoat_for_A5-V11_mini_router

  IOTgoat is a vulnerable firmware made by the OWASP project. This is a custom made version of the 'IOTgoat firmware' built for the A5-V11 mini 3G router. This branch brings back the vulnerable IOT firmware back to a real IOT device, for a more realistic experience of IOT device exploitation on a budget.

  iot-applicationiot-devicevulnerable-appvulnerable-web-apppentestingpentesting-iot
  3

• Snbig / Vulnerable-Pages

  Intentionally Vulnerable Pages for OWASP ASVS Security Evaluation Templates with Nuclei Project. https://snbig.github.io/Vulnerable-Pages/

  asvsnucleiowasppentestvulnerable-web-appwstg
  Language:Python 3

• th3r4ven / XSS-WEB-APP

  xssxss-vulnerabilityxss-pocwebsiteblogvulnerable-web-appvulnerable-applicationflaskpythonsecurity
  Language:Python 3

• Zeeyad-Sayed / Z-Vulnerable-Website-Project

  Z-Vulnerable-Website-Project (ZVP for short) is a project where I try to create a custom vulnerable website for learning and demonstrating common web security flaws.

  command-injectioncybersecuritydockerfile-inclusionpenetration-testingvulnerable-web-appweb-security-researchxss-vulnerability
  Language:PHP 2