OWASP Developer Guide

Vulnerable Applications

Developer guide logo

7.1 Vulnerable Applications

Vulnerable applications are useful for the Training and Education activities described in the SAMM Training and Awareness section, which in turn is part of the SAMM Education & Guidance security practice within the Governance business function.

The vulnerable applications provide a safe environment where various vulnerable targets can be attacked. This provides practice in using various penetration tools available to a tester, without the risk of attack traffic triggering intrusion detection systems. The OWASP Vulnerable Web Applications Directory Project (VWAD) provides a comprehensive list of available intentionally-vulnerable web applications:

Sections:

7.1 Juice Shop
7.2 WebGoat
7.3 PyGoat
7.4 Security Shepherd


The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.