Vulnerable Web Applications

Deliberately insecure web applications designed for security training, penetration testing practice, and vulnerability demonstration.

3 projects

2,384 contributors

$7.1M

Most contributors

OWASP Juice Shop

OWASP Juice Shop is an intentionally vulnerable web application designed for security training, with comprehensive hacking challenges covering the OWASP Top Ten and other security flaws. It provides a modern e-commerce platform that serves as a learning environment for web application security testing and penetration testing practice.

Contributors

1,331

Organizations

187

Software value

$4M

WebGoat

WebGoat is a deliberately insecure web application designed to teach web application security lessons. It creates a safe environment where developers can learn about application security by attempting real-world attack scenarios and understanding common vulnerabilities.

Contributors

1,053

Organizations

124

Software value

$3M

OWASP WrongSecrets

Vulnerable app with examples showing how to not use secrets

This project hasn't been onboarded to LFX Insights.

Looking for a project that’s not listed?