[Owasp-leaders] OWASP Vulnerable Web Applications Directory Project

psiinon psiinon at gmail.com
Fri Oct 18 14:55:18 UTC 2013

Hi leaders,

I've been working with Raul to make the list of vulnerable web applications
he was maintaining on his blog (
into an OWASP Project.

The result is the OWASP Vulnerable Web Applications Directory

To quote from the project description:

"OWASP Vulnerable Web Applications Directory (VWAD) Project is a
comprehensive and well maintained registry of all known vulnerable web
applications currently available. These vulnerable web applications can be
used by web developers, security auditors and penetration testers to put in
practice their knowledge and skills during training sessions (and specially
afterwards), as well as to test at any time the multiple hacking tools and
offensive techniques available, in preparation for their next real-world

VWAD main goal is to provide a list of vulnerable web applications
available to security professionals for hacking and offensive activities,
so that they can attack realistic web environments... without going to
jail :)

The vulnerable web applications have been classified in three categories:
On-Line, Off-Line, and VMs/ISOs. Each list has been ordered alphabetically.

An initial list that inspired this project was maintained till the end on
2013 at:
Please let us know if anything is wrong or missing.
Or even better, just update the page yourself - the project is self
contained on the OWASP wiki so anyone can go in and correct things.

And let us know if you have any suggestions for ways it could be improved.

Oh, and spread the word - we want it to be the top result when you search
for "vulnerable web applications" using your favourite search engine.



OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20131018/68585fc2/attachment.html>

More information about the OWASP-Leaders mailing list