⚠️ This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory

VulnerableApp-facade is probably most modern lightweight distributed farm of Vulnerable Applications built for handling wide range of vulnerabilities across tech stacks.

Vulnerable API for educational purposes

The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

OWASP Foundation Web Respository

📧 [Research] E-Mail Injection: Vulnerable applications

vuln-netframework is a .net-framework 4.7 project that include worst coding practices about common vulnerabilities like Insecure Deserialization, Os Command Injection, SQL Injection, etc.

Some vulnerables docker webapps

"InsecureTrust_Bank: Educational repo demonstrating web app vulnerabilities like SQL injection & XSS for security awareness. Use responsibly.

A simple vulnerable token machine written in python.

Infosec Coffee is a deliberately vulnerable web application to better understand interesting security flaws.

A Spring-Boot based web application for booking flights (fake data) that may contains vulnerabilities. Course project for UCD COMP47660 Secure Software Engineering

Bash script to install docker and OWASPs juice-shop vulnerable webapp. Run this and browse to http://localhost:3000

WebSafeHub - Vulnerable Web App

A really cool community web application... that's vulnerable (Made for CNY Hackathon 2019)

Unofficial VirtualBox virtual machine instance of OWASP Juice Shop

Vulnerabilities scanner tool

Hackademy is a Vulnerable Web Application, Made to practice and study the web security in depth from the Back-end perspective and understands how vulnerabilities get to arise

Simple flask app to demonstrate Server-Side Request Forgery (SSRF) attack