Here's a list of Vulnerable Web Application sites for learning
Penetration Testing, you can legally scan / "attack" to exploit. They
are mostly hosted by security companies as "target practice".
If you know other legally web applications for learning, please mention bellow. We will update it. And let us know if there are any links are dead.
| No. | Vulnerable Application | Platform |
| 1 | SPI Dynamics (live) | ASP |
| 2 | Cenzic (live) | PHP |
| 3 | Watchfire (live) | ASPX |
| 4 | Acunetix 1 (live) | PHP |
| 5 | Acunetix 2 (live) | ASP |
| 6 | Acunetix 3 (live) | ASP.Net |
| 7 | PCTechtips Challenge (live) | |
| 8 | Damn Vulnerable Web Application | PHP/MySQL |
| 9 | Mutillidae | PHP |
| 10 | The Butterfly Security Project | PHP |
| 11 | Hacme Casino | Ruby on Rails |
| 12 | Hacme Bank 2.0 | ASP.NET (2.0) |
| 13 | Updated HackmeBank | ASP.NET (2.0) |
| 14 | Hacme Books | J2EE |
| 15 | Hacme Travel | C++ (application client-server) |
| 16 | Hacme Shipping | ColdFusion MX 7, MySQL |
| 17 | OWASP WebGoat | JAVA |
| 18 | OWASP Vicnum | PHP, Perl |
| 19 | OWASP InsecureWebApp | JAVA |
| 20 | OWASP SiteGenerator | ASP.NET |
| 21 | Moth | |
| 22 | Stanford SecuriBench | JAVA |
| 23 | SecuriBench Micro | JAVA |
| 24 | BadStore | Perl(CGI) |
| 25 | WebMaven/Buggy Bank | |
| 26 | EnigmaGroup | |
| 27 | XSS Encoding Skills | |
| 28 | Google – Gruyere | |
| 29 | Exploit- DB | Multi-platform |
| 30 | The Bodgeit Store | JSP |
| 31 | LampSecurity | PHP |
| 32 | hackxor | Perl(CGI) |
| 33 | OWASP – Hackademic | PHP |
| 34 | Exploit.co.il-WA | PHP |
| 35 | crackme.cenzic.com | PHP |
| 36 | hackthissite.org |
If you know other legally web applications for learning, please mention bellow. We will update it. And let us know if there are any links are dead.
No comments:
Post a Comment