In this post, we are gonna discuss Vulnerable Sites To (Legally) Practice Your Hacking Skills which helps penetration testers, security enthusiasts, developers, and students to discover and to prevent web vulnerabilities
bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps penetration testers, security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.” created by Malik Messelem, @MME_IT. bWAPP is built in PHP and uses MySQL.
For more advanced users, bWAPP also offers calls a bee-box, a custom Linux VM that comes pre-installed with bWAPP. User can download the latest version of bWAPP from here
2. Damn Vulnerable Web Application (DVWA)
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn Vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment,
helps web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment. User can download the latest version of DVWA from here
Mutillidae is a free, open source, deliberately Vulnerable web-application providing a target for the web-security enthusiast. It can be installed on Linux and Windows using a LAMP, WAMP, and XAMMP for users who do not want to administrate a web server.
With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an “assess the assessor” target for vulnerability assessment software. User can download the latest version of Mutillidae from here