Monday, March 7, 2016

Vulnerable Web Application Lists For Learning Pentest

Here's a list of Vulnerable Web Application sites for learning Penetration Testing,  you can legally scan / "attack" to exploit. They are mostly hosted by security companies as "target practice".


No. Vulnerable Application Platform
1 SPI Dynamics (live) ASP
2 Cenzic (live) PHP
3 Watchfire (live) ASPX
4 Acunetix 1 (live) PHP
5 Acunetix 2 (live) ASP
6 Acunetix 3 (live) ASP.Net
7 PCTechtips Challenge (live)
8 Damn Vulnerable Web Application PHP/MySQL
9 Mutillidae PHP
10 The Butterfly Security Project PHP
11 Hacme Casino Ruby on Rails
12 Hacme Bank 2.0 ASP.NET (2.0)
13 Updated HackmeBank ASP.NET (2.0)
14 Hacme Books J2EE
15 Hacme Travel C++ (application client-server)
16 Hacme Shipping ColdFusion MX 7, MySQL
17 OWASP WebGoat JAVA
18 OWASP Vicnum PHP, Perl
19 OWASP InsecureWebApp JAVA
20 OWASP SiteGenerator ASP.NET
21 Moth
22 Stanford SecuriBench JAVA
23 SecuriBench Micro JAVA
24 BadStore Perl(CGI)
25 WebMaven/Buggy Bank
26 EnigmaGroup
27 XSS Encoding Skills
28 Google – Gruyere
29 Exploit- DB Multi-platform
30 The Bodgeit Store JSP
31 LampSecurity PHP
32 hackxor Perl(CGI)
33 OWASP – Hackademic PHP
34 Exploit.co.il-WA PHP
35 crackme.cenzic.com PHP
36 hackthissite.org

If you know other legally web applications for learning, please mention bellow. We will update it. And let us know if there are any links are dead.

No comments:

Post a Comment