An intentionally vulnerable Spring Boot application designed for security research, defensive analysis, and secure coding education in modern Java-based systems.

A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.

Bash script to manage insecure web apps using docker and hosts aliases for pentest practice

Deliberately vulnerable REST API for OWASP Top 10 (2023) security testing and learning.

gRPC Goat is a "Vulnerable by Design" lab created to provide an interactive, hands-on playground for learning and practicing gRPC security.

Insecure Web Application - .NET version

Insecure Web Application - Java version

Capture the flag challenges

A very silly vulnerable application to review your knowledge about basics of cybersecurity.

Insecure Web Application - .NET version

An insecure microservices demo application.

Insecure Web Application - Java version

Sample Java source code containing vulnerabilities to illustrate Fortify usage

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

An insecure React Native mobile application for use in Micro Focus demonstrations

Damn Vulnerable NodeJS Application

Repository for code, PoCs and others for "Security development for Muggles"

WebGoat is a deliberately insecure application

Web and mobile application security training platform

Demo project with open source obstacles