vulnerable-web-app

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Security vulnerabilities within your own API Security CTF.

ctf vulnerable-web-app apisecurity

Updated Apr 12, 2024
CSS

lucideus-repo / UnSAFE_Bank

Star

Vulnerable Banking Suite

hacking cybersecurity learn application-security security-vulnerability learning-by-doing mobile-security whitehat vulnerability-assessment ethical-hacking vulnerable-web-app security-testing vulnerable-applications vulnerable-android-apps vulnerable-webserver vulnerable-ios-apps

Updated Aug 6, 2023
PHP

GoSecure / template-injection-workshop

Star

Workshop on Template Injection (6 exercises) covering Twig, Jinja2, Tornado, Velocity and Freemaker engines.

template twig jinja2 velocity injection tornado freemarker codelabs appsec vulnerable-web-app

Updated Jan 10, 2023
CSS

appsecco / sqlinjection-training-app

Star

A simple PHP application to learn SQL Injection detection and exploitation techniques.

exploit sql-injection application-security web-security appsec vulnerable-web-app owasp-top-10 owasp-top-ten vulnerable-apps training-app

Updated Oct 18, 2022
PHP

lunasec-io / Spring4Shell-POC

Sponsor

Star

This is a dockerized application that is vulnerable to the Spring4Shell vulnerability (CVE-2022-22965).

vulnerable-web-app spring4shell spring4shell-poc

Updated Aug 4, 2022
Python

OWASP / www-project-vulnerable-web-applications-directory

Sponsor

Star

The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

owasp appsec webappsec vulnerable-web-app vulnerable-web-application vulnerable-applications

Updated Jul 8, 2025
HTML

Aif4thah / VulnerableLightApp

Sponsor

Star

Vulnerable API for research and education

Updated May 22, 2025
C#

TheTwitchy / vulnd_xxe

Star

A server vulnerable to XXE that can be used to test payloads using the xxer tool.

java xml vulnerable-web-app

Updated Mar 29, 2018
Java

Zero trust. Zero security. Total exposure. A deliberately vulnerable health tech platform with AI Chatbot for learning about application security and ethical hacking. It contains vulnerabilities from OWASP top 10 Web, API and AI/LLM Security Vulnerabilities. Highly vulnerable, never use in production.

security hacking owasp pentesting ctf appsec vulnerable-web-app

Updated Jun 15, 2025
JavaScript

sec4you / VulnLabs

Star

docker-compose bringing up multiple vulnerable applications inside containers.

docker docker-compose vulnerabilities vulnerable vulnerable-container vulnerable-application vulnerable-web-app

Updated Jan 29, 2018

karimtariqx / HackerStories

Star

This project is a vulnerable web application to practice on. It is designed for educational purposes to help security enthusiasts and developers understand and mitigate common web vulnerabilities.

cybersecurity penetration-testing vulnerability pentesting bugbounty vulnerable-web-app

Updated Feb 21, 2024
PHP

dev-angelist / WebSafeHub---Vulnerable-Web-App

Star

WebSafeHub - Vulnerable Web App

xss sqli csrf dvwa awareness vulnerable-web-app websecurity sqlinjection vulnerable-web-application wapt securecode waptx crosssitescripting webbappsecurity securitybydesign

Updated Jun 2, 2024
PHP

qwqoro / Mail-Injection

Star

📧 [Research] E-Mail Injection: Vulnerable applications

Updated May 26, 2024
HTML

OSTEsayed / OSTE-Vulnerable-Web-Application

Star

Vulnerable Web application made with PHP/SQL designed to help new web testers gain some experience and test DAST tools for identifying web vulnerabilities. Containing some of the most well-known vulnerabilities such as SQL, cross-site scripting (XSS), OS command injections, our intention to expand more vulnerabilities for learning purposes.

php sql sql-injection xss-vulnerability web-security cyber-security vulnerable-web-app cross-site-scripting web-vulnerability os-command-injection