Top 5 (Deliberately) Vulnerable Web Applications to Practice Your Skills On

The OWASP Top 10 lists the top 10 vulnerabilities and is followed worldwide by security researchers and developers. You have probably heard of or used many penetration testing tools, but to use those tools, you need a vulnerable web application.

To enter the world of security, you must have hands-on experience finding bugs and vulnerabilities in a web application. Practicing your skills always helps your career and professional growth. If you are a beginner, then you must test your skills before entering the professional world: it allows you to understand the procedures and methods of securing web apps. If you are a teacher, then you can show your students how things get done: this will help you evaluate where you stand and which areas you need to improve.

In short, you must practice your skills before facing real-world security scenarios. Practice counts as experience that will benefit you in the long run.

I am going to discuss the top five broken or vulnerable web applications which you can use to test or practice your skills, and which you can easily host on localhost.

1. DVWA – It stands for Damn Vulnerable Web App. It is based on PHP and runs on a MySQL database server, and it is indeed damn vulnerable. It has three levels of security: Low, Medium, and High. Each level of security demands different skills. Its developers have decided to share its source code, too, so that security researchers can see what is going on at the backend.

DVWA has vulnerabilities like XSS, CSRF, SQL injection, file injection, upload flaws and more, which makes it great for researchers to learn about these flaws and help others learn about them. Researchers can also use their various tools to capture packets, brute force, (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Shubham Vashist. Read the original post at:

Shubham Vashist

Shubham Vashist, from India, is an enthusiastic Information Security Researcher & Web Application Security Tester. Having earned a Computer Science and Engineering degree, he has gained experience by learning, practicing and reporting bugs to application vendors. His passion is to secure applications from attackers and make them reliable.