For about two years (Oct 2011 - Oct 2013) I have been maintaing the "Hacking Vulnerable Web Applications Without Going To Jail" blog post, adding new vulnerable web applications you can use to put in practice your knowledge and skills acquired during web application security training sessions, as well as to test any web hacking tools and offensive techniques.
However, last month we (Simon Bennetts, ZAP project lead, and myself) created the "OWASP Vulnerable Web Applications Directory (VWAD) Project", migrating the previous list to a new community OWASP project where more people can contribute and get access to the current directory of vulnerable web apps. The vulnerable web applications have been classified in three categories: online, offline, and virtual machines or ISO images.
If you are interested in contributing to the project, you have two options:
Enjoy and contribute to the VWAD project! :-)
However, last month we (Simon Bennetts, ZAP project lead, and myself) created the "OWASP Vulnerable Web Applications Directory (VWAD) Project", migrating the previous list to a new community OWASP project where more people can contribute and get access to the current directory of vulnerable web apps. The vulnerable web applications have been classified in three categories: online, offline, and virtual machines or ISO images.
If you are interested in contributing to the project, you have two options:
- You can directly edit the associated OWASP wiki page, if you have wiki write access permissions, and add any new web-apps in alphabetic order or correct mistakes. If possible, please let us know when you update new content.
- You can submit a git pull request to the associated GITHUB project repository.
Enjoy and contribute to the VWAD project! :-)