OWASP Developer Guide

Vulnerable Applications


7.1 Vulnerable Applications

Vulnerable applications are useful for the Training and Education activities described in the SAMM Training and Awareness section, which in turn is part of the SAMM Education & Guidance security practice within the Governance business function.

Intentionally-vulnerable applications provide a safe environment in which vulnerable targets can be attacked. This gives a tester practice in using the available penetration testing tools, without the risk of attack traffic triggering intrusion detection systems. The OWASP Vulnerable Web Applications Directory Project (VWAD) provides a comprehensive list of available intentionally-vulnerable web applications.

Sections:

7.1.1 Juice Shop
7.1.2 WebGoat
7.1.3 PyGoat
7.1.4 Security Shepherd


The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue.