OWASP/Vulnerable-Web-Application external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

OWASP/Vulnerable-Web-Application

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/OWASP/Vulnerable-Web-Application)

Close

OWASP / Vulnerable-Web-ApplicationView on GitHubMore

• External links
• Readme badge

OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

☆406Jul 10, 2024Updated last year

Alternatives and similar repositories for Vulnerable-Web-Application

Users that are interested in Vulnerable-Web-Application are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• OWASP / OWASP-VWAD

  View on GitHub
  This repo is no longer in use. Please refer to https://github.com/OWASP/www-project-vulnerable-web-applications-directory
  ☆884Mar 2, 2026Updated 3 weeks ago
• OWASP / EnDe

  View on GitHub
  Encoder, Decoder, Converter, Calculator, TU WAS DU WILLST .. for various codings used in the wild wide web
  ☆41Jul 3, 2024Updated last year
• OWASP / OWASPWebGoatPHP

  View on GitHub
  A deliberately vulnerable web application for learning web application security.
  ☆149Apr 28, 2025Updated 10 months ago
• milad00ahmadi / yooz-vulnerable-webapp

  View on GitHub
  ☆18Dec 15, 2020Updated 5 years ago
• vavkamil / awesome-vulnerable-apps

  View on GitHub
  Awesome Vulnerable Applications
  ☆1,377Mar 9, 2026Updated 2 weeks ago
• kaiiyer / awesome-vulnerable

  View on GitHub
  A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
  ☆1,271Jan 11, 2026Updated 2 months ago
• lucideus-repo / UnSAFE_Bank

  View on GitHub
  Vulnerable Banking Suite
  ☆169Sep 29, 2025Updated 5 months ago
• geeksonsecurity / vuln-web-apps

  View on GitHub
  A curated list of vulnerable web applications.
  ☆340Dec 30, 2023Updated 2 years ago
• OWASP / DVSA

  View on GitHub
  a Damn Vulnerable Serverless Application
  ☆542Sep 12, 2023Updated 2 years ago
• appsecco / dvja

  View on GitHub
  Damn Vulnerable Java (EE) Application
  ☆147Jan 23, 2024Updated 2 years ago
• juice-shop / juice-shop-ctf

  View on GitHub
  Tool to export Juice Shop challenges and hints in data format compatible with CTFd, RootTheBox or FBCTF
  ☆463Jan 21, 2026Updated 2 months ago
• djadmin / vulnerable-app

  View on GitHub
  A sample web application using Node.js, Express and Angular that is vulnerable to common security vulnerabilities.
  ☆10Jun 15, 2023Updated 2 years ago
• appsecco / sqlinjection-training-app

  View on GitHub
  A simple PHP application to learn SQL Injection detection and exploitation techniques.
  ☆127Oct 18, 2022Updated 3 years ago
• webpwnized / mutillidae

  View on GitHub
  OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is…
  ☆1,474Aug 3, 2025Updated 7 months ago
• playframework / play-webgoat

  View on GitHub
  A vulnerable Play application for attackers.
  ☆18Mar 3, 2026Updated 2 weeks ago
• SasanLabs / VulnerableApp

  View on GitHub
  OWASP VulnerableApp Project: For Security Enthusiasts by Security Enthusiasts.
  ☆375Updated this week
• CSPF-Founder / JavaVulnerableLab

  View on GitHub
  Vulnerable Java based Web Application
  ☆271Jun 20, 2024Updated last year
• cr0hn / vulnerable-node

  View on GitHub
  A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of se…
  ☆484Aug 20, 2024Updated last year
• incredibleindishell / SSRF_Vulnerable_Lab

  View on GitHub
  This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack
  ☆765Aug 21, 2023Updated 2 years ago
• stamparm / DSVW

  View on GitHub
  Damn Small Vulnerable Web
  ☆862Dec 21, 2025Updated 3 months ago
• kushagrasarathe / beginners-resources

  View on GitHub
  This repo contains resources that a beginner would need to get started in Web application penetration testing and bug hunting.
  ☆18Jul 24, 2022Updated 3 years ago
• bugcrowd / bugcrowd_university

  View on GitHub
  Open source education content for the researcher community
  ☆2,760Apr 13, 2022Updated 3 years ago
• OWASP / RiskAssessmentFramework

  View on GitHub
  The Secure Coding Framework
  ☆272Aug 18, 2020Updated 5 years ago
• Mad-robot / Recon-Style

  View on GitHub
  ☆12Apr 14, 2021Updated 4 years ago
• OWASP / SecurityShepherd

  View on GitHub
  Web and mobile application security training platform
  ☆1,428Mar 16, 2026Updated last week
• CSPF-Founder / JavaSecurityCourse

  View on GitHub
  Hacking and Securing Java
  ☆79Jan 24, 2019Updated 7 years ago
• amngibson / metasploit-runner

  View on GitHub
  This is a gem that provides the ability to create a workspace, import scan data from nexpose, and perform a webscan, a web audit, and per…
  ☆10Dec 13, 2017Updated 8 years ago
• sec4you / VulnLabs

  View on GitHub
  docker-compose bringing up multiple vulnerable applications inside containers.
  ☆19Jan 29, 2018Updated 8 years ago
• nachiketrathod / HTTP.Request.Smuggling.Desync.Attack

  View on GitHub
  ☆15Apr 13, 2021Updated 4 years ago
• OWASP / Serverless-Goat

  View on GitHub
  OWASP ServerlessGoat: a serverless application demonstrating common serverless security flaws
  ☆328Jul 30, 2024Updated last year
• netwrix / LAPS-Permissions-Collection

  View on GitHub
  Looks up permissions within Active Directory on a target (OU or Computer) to determine access to LAPS attributes (ms-Mcs-AdmPwdExpiration…
  ☆16May 31, 2023Updated 2 years ago
• tanprathan / OWASP-Testing-Checklist

  View on GitHub
  OWASP based Web Application Security Testing Checklist is an Excel based checklist which helps you to track the status of completed and p…
  ☆1,746Feb 9, 2023Updated 3 years ago
• OWASP / NodeGoat

  View on GitHub
  The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Nod…
  ☆2,021Jun 15, 2024Updated last year
• aws-samples / aws-security-reference-architecture-examples

  View on GitHub
  Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (incl…
  ☆1,124Mar 10, 2026Updated last week
• DataFrogman / downDetector

  View on GitHub
  ☆11Apr 10, 2021Updated 4 years ago
• offensive-terraform / terraform-aws-ebs-snapshot-publicly-exposed

  View on GitHub
  Offensive Terraform module which copies publicly exposed EBS snapshot to us-east-1 region in attacker's AWS account and creates EBS volum…
  ☆14Sep 18, 2020Updated 5 years ago
• appsecco / dvna

  View on GitHub
  Damn Vulnerable NodeJS Application
  ☆766Mar 27, 2024Updated last year
• chughes29 / state-of-cloud-security

  View on GitHub
  A collection of 2020 artifacts describing the major pain points, vulnerabilities and concerns with Cloud Security.
  ☆20Jan 24, 2021Updated 5 years ago
• dark-warlord14 / crt.sh-one-liner

  View on GitHub
  Updated crt.sh one liner to get subdomains
  ☆18Jan 13, 2020Updated 6 years ago