5.1. Vulnerable web applications

The purpose of vulnerable web applications is to educate people about security flaws in web applications. SQL injection, file injection, cross-site scripting, code injection, and request forgery are threats that could have a high impact.

5.1.1. DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. The main goals of DVWA are to be an aid for security professionals to test their skills and tools. It should help web developers to better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class.

5.1.2. bWAPP

bWAPP, or a buggy web application, is a web application built to allow security enthusiasts, students, and developers to better secure web applications. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.

5.1.3. SQLI Labs

A platform for learning about SQL injection (SQLI). The labs cover a wide range of injections (Union select, blind, update query, insert query, etc.).

5.1.4. MCIR

The Magical Code Injection Rainbow (MCIR) is a framework for building configurable vulnerability testbeds. It includes cryptomg, shellol, sqlol, xmlmao, and xssmh.

5.1.5. OWASP Hackademic Challenges Project

The OWASP Hackademic Challenges is an open source project that can be used to test and improve one’s knowledge of web application security.

5.1.6. XSSeducation

XSSeducation is a set of PHP pages vulnerable to cross-site scripting (XSS), intended for learning about XSS vulnerabilities.

5.1.7. Bricks

Bricks is built on PHP and MySQL and serves as a web application security learning platform. It focuses strongly on variations of commonly seen application security issues. Every ‘Brick’ has some sort of security issue, and those can be leveraged.