Pygoat

The purpose is to give both developers and testers a platform for learning how to test applications and how to code securely. PyGoat is written in python and used Django web framework as a platform. It has both traditional web application vulnerabilities (i.e. XSS, SQLi) as well.
PyGoat also has an area where you can see the source code to determine where the mistake was made that caused the vulnerability and allows you to make changes to secure it.

Features

The Vulnerabilities can based on OWASP top ten, Mitre CVE & SANS 25 Top Errors, thank you team https://appsec.asia