Vulnerable Applications
7.1 Vulnerable Applications
Vulnerable applications are useful for the Training and Education activities described in the SAMM Training and Awareness section, which in turn is part of the SAMM Education & Guidance security practice within the Governance business function.
The vulnerable applications provide a safe environment where various vulnerable targets can be attacked. This gives a tester practice with the various penetration testing tools available, without the risk of attack traffic triggering intrusion detection systems. The OWASP Vulnerable Web Applications Directory Project (VWAD) provides a comprehensive list of available intentionally vulnerable web applications:
- Vulnerable mobile applications
- Offline vulnerable web applications
- Containerized vulnerable web applications
- Vulnerable web applications available online
Sections:
7.1 Juice Shop
7.2 WebGoat
7.3 PyGoat
7.4 Security Shepherd