OWASP Vulnerable Web Applications Directory Project

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

OWASP Vulnerable Web Applications Directory Project
OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available.

Introduction
Select from the above tabs to view all of the:
 * On-Line applications
 * Off-Line applications
 * Virtual Machines and ISO images

Description
OWASP Vulnerable Web Applications Directory (VWAD) Project is a comprehensive and well maintained registry of all known vulnerable web applications currently available. These vulnerable web applications can be used by web developers, security auditors and penetration testers to put in practice their knowledge and skills during training sessions (and specially afterwards), as well as to test at any time the multiple hacking tools and offensive techniques available, in preparation for their next real-world engagement.

VWAD main goal is to provide a list of vulnerable web applications available to security professionals for hacking and offensive activities, so that they can attack realistic web environments... without going to jail :)

The vulnerable web applications have been classified in three categories: On-Line, Off-Line, and VMs/ISOs. Each list has been ordered alphabetically.

An initial list that inspired this project was maintained till the end on 2013 at: http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html.

Licensing
OWASP Vulnerable Web Applications Directory Projects is free to use. It is licensed under the Apache 2.0 License, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

What is VWAD?
OWASP VWAD provides:


 * A list of all known vulnerable web applications.

Presentation
TBA

Project Leaders

 * [mailto:raul@raulsiles.com Raul Siles]
 * Simon Bennetts

Related Projects

 * N/A


 * valign="top" style="padding-left:25px;width:200px;" |

Quick Download

 * N/A - The project is self contained on the wiki.

News and Events

 * [16 Oct 2013] Project created.

In Print
N/A

Classifications

 * }

=On-Line apps=

Please add any new apps in alphabetic order, correct mistakes or just comment on this page if you dont have write access to this wiki.

= Off-Line apps =

Vulnerable applications that have to be downloaded and used locally:

Please add any new apps in alphabetic order, correct mistakes or just comment on this page if you dont have write access to this wiki.

The following apps are quite old and appear not to be maintained - as such they are probably less useful.

= Virtual Machines or ISOs =

VMs which contain multiple vulnerable applications:

Please add any new apps in alphabetic order, correct mistakes or just comment on this page if you dont have write access to this wiki.

The following apps are quite old and appear not to be maintained - as such they are probably less useful.

= Acknowledgements =

Volunteers
VWAD is developed by a worldwide team of volunteers. The primary contributors to date have been:


 * [mailto:raul@raulsiles.com Raul Siles]
 * Simon Bennetts

On-line resources used

 * Vulnerable Web Applications for learning

= Road Map and Getting Involved = As of October 15, 2013, the priorities are:
 * Document all known Vulnerable Web Applications
 * Publicise
 * Keep up to date
 * Please add a more robust/descriptive roadmap.

Involvement in the development and promotion of the OWASP Vulnerable Web Applications Directory Project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
 * Update the wiki with any missing apps

=Project About=