Vulnerable webapp testbed
-
Updated
May 11, 2016 - Java
Vulnerable webapp testbed
SQL injection testbed designed for sqlmap practice (MySQL backend)
Vulnerable REST based PHP webservice deployed in Docker
VWA (vulnerable web applications) for SSJI, implemented in NodeJS and ExpressJS
Intentionally vulnerable JavaScript Code Snippets which are intended to benchmark Static Application Security Testing tools.
TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production cloud environments.
[SECURITY LAB] Intentionally vulnerable PKI manager repo — contains leaked CA credentials in git history for training exercises
Intentionally insecure demo app for the Bolt IoT Agentic Programming Training course. Students audit and patch five planted client-side vulnerabilities using AI coding agents. Do NOT deploy publicly or use with real data.
A deliberately vulnerable web application exhibiting a simple password exposure vulnerability.
Intentionally misconfigured Spring Boot app for teaching black-box reverse engineering
A deliberately vulnerable web application exhibiting an unrestricted file upload vulnerability.
Sistema de notas propositalmente vulnerável para educação em segurança cibernética e testes de penetração - contém 12+ vulnerabilidades web intencionais (SQL Injection, XSS, Path Traversal, Command Injection, etc.)
A deliberately vulnerable web application exhibiting a HTML injection vulnerability.
Intentionally vulnerable dApp for learning blockchain and smart contract security.
Intentionally vulnerable web app full of secrets to test security scanners and dependency auditors.
[DEMO]Security awareness training demo: malicious npm postinstall hook attack and prompt injection simulation
A simple Django contact form with an intentional validation flaw
Intentionally vulnerable demo target for evaluating secret-detection tools. All credentials are synthetic test data — auth-tested non-functional.
Add a description, image, and links to the intentionally-vulnerable topic page so that developers can more easily learn about it.
To associate your repository with the intentionally-vulnerable topic, visit your repo's landing page and select "manage topics."