2013-10-16

Description and minor adjustments.

← Older revision

Revision as of 10:31, 16 October 2013

Line 15:

Line 15:

 

* On-Line applications

 

* On-Line applications

 

* Off-Line applications

 

* Off-Line applications



* Virtual Machines

+

* Virtual Machines
and ISO images

 

 

 

 

 

==Description==

 

==Description==

 

 



Do we need anything more here?

+

OWASP Vulnerable Web Applications Directory (VWAD) Project is a comprehensive and well maintained registry of all known vulnerable web applications currently available. These vulnerable web applications can be used by web developers, security auditors and penetration testers to put in practice their knowledge and skills during training sessions (and specially afterwards), as well as to test at any time the multiple hacking tools and offensive techniques available, in preparation for their next real-world engagement.

 

+

 

 

+

VWAD main goal is to provide a list of vulnerable web applications available to security professionals for hacking and offensive activities, so that they can attack realistic web environments... without going to jail :)

 

+

 

 

+

The vulnerable web applications have been classified in three categories: On-Line, Off-Line, and VMs/ISOs. Each list has been ordered alphabetically.

 

+

 

 

+

An initial list that inspired this project was maintained till the end on 2013 at: http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html.

 

 

 

 

Line 32:

Line 38:

 

OWASP VWAD provides:

 

OWASP VWAD provides:

 

 



* A list of all known vulnerable web applications

+

* A list of all known vulnerable web applications
.

 

 

 

 

Line 59:

Line 65:

 

== Quick Download ==

 

== Quick Download ==

 

 



* N/A -
the
project is self contained on the wiki

+

* N/A -
The
project is self contained on the wiki
.

 

 

 

 

 

 

 

== News and Events ==

 

== News and Events ==



* [16 Oct 2013] Project created

+

* [16 Oct 2013] Project created
.

 

 

 

 

Line 92:

Line 98:

 

|-

 

|-

 

! scope="col" | App Name / Link

 

! scope="col" | App Name / Link

 

+

! scope="col" | Technology

 

! scope="col" | Author

 

! scope="col" | Author

 

! scope="col" | Comments

 

! scope="col" | Comments

 

|-

 

|-

 

| [http://testaspnet.vulnweb.com/ Acublog]

 

| [http://testaspnet.vulnweb.com/ Acublog]

 

+

|

 

| Acunetix

 

| Acunetix

 

|  

 

|  

 

|-

 

|-

 

| [http://testasp.vulnweb.com/ Acuforum]

 

| [http://testasp.vulnweb.com/ Acuforum]

 

+

|

 

| Acunetix

 

| Acunetix

 

|  

 

|  

 

|-

 

|-

 

| [http://demo.testfire.net/ Altoro Mutual]

 

| [http://demo.testfire.net/ Altoro Mutual]

 

+

|

 

| IBM

 

| IBM

 

|

 

|

 

|-

 

|-

 

| [http://crackme.cenzic.com/ Crack Me Bank]  

 

| [http://crackme.cenzic.com/ Crack Me Bank]  

 

+

|

 

| Cenzic

 

| Cenzic

 

|

 

|

 

|-

 

|-

 

| [http://enigmagroup.org/ Enigma Group]

 

| [http://enigmagroup.org/ Enigma Group]

 

+

|

 

| Enigma Group

 

| Enigma Group

 

|

 

|

 

|-

 

|-

 

| [http://google-gruyere.appspot.com/ Gruyere]

 

| [http://google-gruyere.appspot.com/ Gruyere]

 

+

|

 

| Google

 

| Google

 

|

 

|

 

|-

 

|-

 

| [http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/ Hacker Challenge]

 

| [http://pctechtips.org/hacker-challenge-pwn3d-the-login-form/ Hacker Challenge]

 

+

|

 

| PCTechtips

 

| PCTechtips

 

|

 

|



|-

 

 

|-

 

|-

 

| [http://hackxor.sourceforge.net/cgi-bin/index.pl hackxor]

 

| [http://hackxor.sourceforge.net/cgi-bin/index.pl hackxor]

 

+

|

 

|

 

|

 

| First 2 levels online, rest offline

 

| First 2 levels online, rest offline

 

|-

 

|-

 

| [http://zero.webappsecurity.com/ Zero Bank]

 

| [http://zero.webappsecurity.com/ Zero Bank]

 

+

|

 

|

 

|

 

|

 

|

Line 284:

Line 299:

 

 

 

 



= Virtual Machines =

+

= Virtual Machines
or ISOs
=

 

 

 

VMs which contain multiple vulnerable applications:

 

VMs which contain multiple vulnerable applications:

Line 291:

Line 306:

 

|-

 

|-

 

! scope="col" | App Name / Link

 

! scope="col" | App Name / Link

 

+

! scope="col" | Technology

 

! scope="col" | Author

 

! scope="col" | Author

 

+

! scope="col" | VM/ISO

 

! scope="col" | Comments

 

! scope="col" | Comments

 

|-

 

|-

 

| [http://www.bonsai-sec.com/en/research/moth.php Moth]

 

| [http://www.bonsai-sec.com/en/research/moth.php Moth]

 

+

|

 

| Bonsai

 

| Bonsai

 

+

|

 

|

 

|

 

|-

 

|-

 

| [https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project Broken Web Applications]

 

| [https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project Broken Web Applications]

 

+

|

 

| OWASP

 

| OWASP

 

+

|

 

|  

 

|  

 

|}

 

|}

Show more