
Top 5 Offline Websites to Practice Hacking Skills


These are some vulnerable web apps to practice your hacking skills.

1. Damn Vulnerable Web App (DVWA)

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications, and aid teachers/students to teach/learn web application security in a classroom environment.

2. The BodgeIt Store

The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing. Note that the BodgeIt Store is now available as a Docker image: https://hub.docker.com/r/psiinon/bodgeit/

Some of its features and characteristics:
  • Easy to install - just requires java and a servlet engine, e.g. Tomcat
  • Self contained (no additional dependencies other than the 2 in the above line)
  • Easy to change on the fly - all the functionality is implemented in JSPs, so no IDE required
  • Cross platform
  • Open source
  • No separate db to install and configure - it uses an 'in memory' db that is automatically (re)initialized on start up.

3. OWASP Mutillidae II

OWASP Mutillidae II is a free, open source, deliberately vulnerable web application providing a target for web-security enthusiasts. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMPP. It is pre-installed on SamuraiWTF and OWASP BWA. The existing version can be updated on these platforms. With dozens of vulns and hints to help the user, this is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets. Mutillidae has been used in graduate security courses, corporate web sec training courses, and as an "assess the assessor" target for vulnerability assessment software.


4. OWASP Hackademic Challenges

The OWASP Hackademic Challenges Project helps you test your knowledge on web application security. You can use it to actually attack web applications in a realistic but also controllable and safe environment.


5. WebGoat: A deliberately insecure Web Application


The WebGoat Lesson Server is currently UNDER MAJOR DEVELOPMENT.

As of February 1st 2016, version "7.0.1" is considered the first STABLE version of a major architecture and UI change.

Older/Legacy versions of WebGoat can be found at: WebGoat-Legacy

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.