I am currently working on an application for automatically testing of web applications, i.e. I try to inject malicious inputs (sqli or xss) into input fields of web applications. The problem is, that I am of course not allowed do test real world applications.
My question is, do you know of "good" web applications, which are "meant" to be exploited? I tested also the ones like DVWA, BodgeIt etc. but that's not what I am searching.