ePsiLoN's Information Security Blog

,

Vulnerable web applications to play with

Posted by

ePsiLoN

This is just a list with applicaitons and frameworks out there that could be used to test your web application pentesting kung fu skills or to test your automated tools.

I am trying to keep copy of those with me, because projects tend to die. So if you find that some of the links is dead, please let me know to remove it or to link to local copy of the thingy.

Enjoy!

Project name Project home page Technologies/Frameworks
OWASP bricks http://sechow.com/bricks/ PHP, MySQL
NOWASP (Mutillidae) http://sourceforge.net/projects/mutillidae/ PHP, MySQL
DVWA (Damn Vulnerable Web Application) http://www.dvwa.co.uk PHP, MySQL
OWASP WebGoat Project https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project .NET, J2EE
InsecureWebApp http://insecurewebapp.sourceforge.net/main/index.html J2EE (JSP)
exploit.co.il Vulnerable Web App http://sourceforge.net/projects/exploitcoilvuln/ PHP
hackxor http://hackxor.sourceforge.net Perl, MySQL
LAMP Security Training http://sourceforge.net/projects/lampsecurity/ PHP, MySQL
BodgeIt Store http://code.google.com/p/bodgeit/ J2EE (JSP)
Moth http://www.bonsai-sec.com/en/research/moth.php PHP, MySQL
OWASP Vicnum http://sourceforge.net/projects/vicnum/ PHP, Perl
Hack Me Bank http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx .NET 1.1, MSSQL
Hack Me Bank – Android http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx Java 1.6 and up, Android SDK
Hack Me Books http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx Java 1.4 and up
Hack Me Casion http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx Ruby on Rails
Hack Me Shipping http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx ColdFusion, MySQL
Hack Me Travel http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx .NET 1.1, C++

ePsiLoN

One response

  1. Avatar
    Anonymous

    Analysts who make a living trying to explain Washington to Wall Street continue to warn that a technical default is a possibility.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Recent Posts

Archive

Tags

bruteforce bug bounty bug hunting Burp Suite d3 data leak data recovery dictionary entropy pool fix fund raising fuzzing hackaday image processing Journalistic tools log analysis malware mindmap patebin Practical Reverse Engineering randomness sandbox skype SQL injection SSL technical visualisation Vulnerability Management Wanda the fish Zeus