OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Sakai is a freely available, feature-rich technology solution for learning, teaching, research and collaboration. Sakai is an open source software suite developed by a diverse and global adopter co…

WebGoat is a deliberately insecure application

Purposely vulnerable Java application to help lead secure coding workshops

Damn Vulnerable C# Application (API)

Malicious Packages and Users are infiltrating software around the globe. Examples of Account Takeover, Dependency Confusion, Hacktivism and Chain/Repo-Jacking are being used to infect your software.

A simple Python (flask) polling application

CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool

Super vulnerable todo list application

For use with DevSecOps workshop

Self-hosted retro tool aimed at helping remote teams

Latest snyk goof

A Very Vulnerable Node.js Express.js Web Application and API. Used for testing Security tools, Application security and penetration testing. Using Swagger, Sqlite, Sequelize.

Damn Vulnerable NodeJS Application