January 1, 2016

Recommended Vulnerable Web App

I have been looking around and I see there are many vulnerable web applications such as UltimateLAMP, DVWA, WebGoat, etc. However, with so many to try there is no time to test them all. So my question is for those who are more experienced: which vulnerable web application would you recommend to quickly get a person from a novice to an intermediate level?

It's too bad that this is now defunct: https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project but if you look around on the OWASP site you'll find some pretty good ones. I recommend actually following something like https://packetstormsecurity.com/ and https://www.exploit-db.com/ and actually installing a vulnerable version on a VM (I recommend using Vagrant), and practicing cracking it using those vulnerabilities you find. It will give you experience with real world scenarios so that during testing, if you happen to find one of these real world apps, you have experience with using the vulnerabilities that are out there. I hope this helps.

@sage - Have you looked at [Metasploitable by Rapid7](https://information.rapid7.com/metasploitable-download.html)? It's an intentionally vulnerable VM set up n ready to hack. It has Mutillidae installed, which will facilitate PHP web app vulnerability assessment. C baughman's recommendation regarding OWASP is a good idea. [OWASP.org Web App testing](https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project). Anyone interested in developing secure web apps or testing web apps should check out owasp.org.

Google OWASP top 10

Mutillidae (by IronGeek) - covers most of OWASP from basics till intermediate/advanced, hints included, difficulty level also included, many walkthrough guides available online (even on IronGeek's site)

\*sigh\* You dudes are the best.

Thanks guys

You can also test sites like https://www.altoromutual.com/ or the site test of Qualys if you don't want to install a VM. :)

Nice feedback

I use OWASP Broken Web Application (https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project). It's got WebGoat, Mutillidae, vulnerable versions of WordPress and much more. It's really a one stop shop all built into a VM for you. Highly recommended.

OWASP recommended!!!

OWASP is your best friend!

@romualds - I thought OWASP was my best friend. OWASP and I need to spend more time together

Pentesterlab is another good source for you. You can download independent exercises and master them. https://pentesterlab.com/exercises/

Good references. Thanks!

Hi, if you want to train yourself, you can find tons of free VMs from Vulnhub (you must download them)

Thanks for the information.