OWASP Developer Guide

Vulnerable Applications

Developer guide logo

7.1 Vulnerable Applications

Vulnerable applications are useful for the Training and Education activities described in the SAMM Training and Awareness section, which in turn is part of the SAMM Education & Guidance security practice within the Governance business function.

The vulnerable applications provide a safe environment where various vulnerable targets can be attacked. This provides practice in using various penetration tools available to a tester, without the risk of attack traffic triggering intrusion detection systems. The OWASP Vulnerable Web Applications Directory Project (VWAD) provides a comprehensive list of available intentionally-vulnerable web applications:

Vulnerable mobile applications
Offline vulnerable web applications
Containerized vulnerable web applications
vulnerable web applications available Online

Sections:

7.1 Juice Shop
7.2 WebGoat
7.3 PyGoat
7.4 Security Shepherd

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.

Watch Star

Vulnerable Applications

7.1 Vulnerable Applications

Developer Guide (draft)

Upcoming OWASP Global Events