OWASP Broken Web Applications Project

Revision as of 01:27, 5 February 2010 by Dallendoug (talk | contribs) (updated site to reflect summary, links to groups, and added "News" tab.)

Jump to: navigation, search


The Broken Web Applications Project (BWA) is an effort to provide a wealth of applications with known vulnerabilities for those interested in:

  • learning about web application security
  • testing manual assessment techniques
  • testing automated tools
  • testing source code analysis tools
  • observing web attacks
  • testing WAFs and similar code technologies

all the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch.

We urge interested parties to join our Google Group or check out our Google Code Page.

This project is sponsored in part by AppSecDC2009-Sponsor-mandiant.gif


5-Feb-2010 -- Doug Wilson is presenting on OWASP BWA at ShmooCon in Washington DC at 6 PM

31-Jan-2010 -- We are now an "official" OWASP project, just in time for ShmooCon!

27-Jan-2010 -- Chuck Willis presents BWA at the DoD Cybercrime conference

Project Details

What does this OWASP project offer you?
What does this OWASP project release offer you?
what is this project?
OWASP Broken Web Applications Project

Purpose: a collection of vulnerable web applications that is distributed on a Virtual Machine.

License: Any custom code / modifications are GPLv2, but this does not override the license of each individual software package we incorporate. All software is open source.

who is working on this project?
Project Leader: Chuck Willis @

Project Maintainer:

Project Contributor(s):

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: View

Mailing list: N/A

Project Roadmap: To view, click here

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Chuck Willis @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
Release 1.1.1 - September 27, 2013 - (download)

Release Leader: Chuck Willis @

Release details: Main links, release roadmap and assessment

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0