Vulnerable OS, environments, software, web applications and websites. Their main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
Tool count: 4
|Damn Vulnerable Web App (DVWA)||v1.9||Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.||environments|
|OWASP Broken Web Applications Project||1.2||OWASP Broken Web Applications Project is a collection of vulnerable web applications that is distributed on a Virtual Machine. The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: learning about web application security; testing manual assessment techniques; testing automated tools; testing source code analysis tools; observing web attacks; testing WAFs and similar code technologies.||environments|
|OWASP Mutillidae II||2.6.67||OWASP Mutillidae II is a free, open source, deliberately vulnerable web-application providing a target for web-security enthusiast. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.||environments|
|Web Security Dojo||3.4||A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo. Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v12.04LTS, which is patched with the appropriate updates and VM additions for easy use. The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started - tools, targets, and documentation.||environments|