mailing list archives
OWASP Vulnerable Web Applications Directory Project
From: psiinon <psiinon () gmail com>
Date: Fri, 18 Oct 2013 16:04:11 +0100
The OWASP Vulnerable Web Applications Directory (VWAD) Project is a
comprehensive and well maintained registry of all known vulnerable web
applications currently available. These vulnerable web applications
can be used by web developers, security auditors and penetration
testers to put in practice their knowledge and skills during training
sessions (and especially afterwards), as well as to test at any time
the multiple hacking tools and offensive techniques available, in
preparation for their next real-world engagement.
The main goal of VWAD is to provide a list of vulnerable web
applications available to security professionals for hacking and
offensive activities, so that they can attack realistic web
environments... without going to jail :)
The vulnerable web applications have been classified in three
categories: On-Line, Off-Line, and VMs/ISOs. Each list has been
An initial list that inspired this project was maintained till the end
on 2013 at: http://blog.taddong.com/2011/10/hacking-vulnerable-web-applications.html.
Please let me know if there are any mistakes or omissions, or if you
have any suggestions for ways it could be improved.
OWASP ZAP Project leader
- OWASP Vulnerable Web Applications Directory Project psiinon (Oct 18)