Vulnerable apps to practice AppSec

1 – Bricks

Bricks is an intentionally vulnerable web application built on PHP and MySQL, in which each “brick” contains a security vulnerability. The project offers a forum for AppSec learning and teaching and a way to test web application scanners. The application comes with three types of “bricks,” each with different kinds of vulnerabilities: login pages, file upload pages, and material pages.

2 – bWAPP

bWAPP is another vulnerable app for practicing AppSec. It is a free, open-source, intentionally insecure web application. It contains over 100 general problems derived from the OWASP Top 10 vulnerabilities. bWAPP is built with PHP and MySQL. bWAPP also provides a special Linux VM that comes pre-installed with bWAPP for more advanced users.

3 – Damn Vulnerable Web Application (DVWA)

The Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach and learn about web application security in a classroom environment.

4 – Google Gruyere

Google Gruyere is a ‘cheesy’ insecure site with security flaws, designed for beginners in application security. The aims of the labs are to learn how hackers can detect security weaknesses, manipulate web applications, and avoid getting detected. Written in Python, Gruyere supports both black-box and white-box testing perspectives.

5 – iGoat

The OWASP iGoat project is a security learning tool for iOS developers. With it, they learn about security weaknesses in iOS by breaking things as well as fixing them.