Thursday, May 29, 2014

Hacking Vulnerable Web Applications Without Going To Jail

While teaching web application security and penetration testing, one of the most prevalent questions from the audience at the end of every week is: "How and where can I (legally) put into practice all the knowledge and test all the different tools we have covered during the training (while preparing for the next real-world engagement)?" Over the years I have been providing multiple references to the attendees (including the option of testing real-world vulnerable open-source web applications) and mentioned several times that I had a pending blog post listing them all together... Today is the day! ;)... and I will be able to refer people here in future training sessions.

This blog post provides an extensive and updated list (as of October 20, 2011) of vulnerable web applications you can test your web hacking knowledge, pen-testing tools, skills, and kung-fu on, with an added bonus... without going to jail :) The vulnerable web applications have been classified into three categories: offline, VMs/ISOs, and online. Each list has been ordered alphabetically.

Offline: The following list references downloadable vulnerable web applications to play with that can be installed on a standard operating system (Linux, Windows, Mac OS X, etc.) using a standard web platform (Apache/PHP, Tomcat/Java, IIS/.NET, etc.).
Virtual Machines (VMs) or ISO images: The following list references preinstalled and ready-to-use virtual machines (VMs) or ISO images that contain one or multiple vulnerable web applications to play with.
Online/Live: The following list references online and live vulnerable web applications available on the Internet to play with.

For completeness, there have been some other similar lists published in the past that I'm aware of, and some "in-the-cloud" commercial training lab options are also getting popular (let's call them "pay-per-hack" :-). Enjoy all these different vulnerable web environments and sharpen your web app pen-testing skills and tools by practicing with them!

