OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

A laboratory for learning secure web and mobile development in a practical manner.

this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

A Deliberately Insecure Web Application

bWAPP latest modified for PHP7 bundled with Docker container

This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios).

Package provides a minimal and simple integration to attach OWASP security headers for building a secure Laravel application.

This repository is a Dockerized php application containing a LFI (Local File Inclusion) vulnerability which can lead to RCE (Remote Code Execution).

Structured Query Language

Web application created to introduce beginners to cybersecurity and the OWASP Top 10

Hi Im L, I found a box that I believe it's contain Kira's real ID. for open that box we need to find three keys. let's start looking for them

SQL injection lab built to demonstrate and teach the basics of SQL injection attacks

vulnscanner is a web application source code vulnerability scanner. It could be used to detect if the target project contains any known vulnerabilities. One of the best ways we can do that is to help developers and security professionals improve the web application they are producing that everyone else relies on.

OWASP21-PG is a practical lab that equips enthusiasts, developers & students with skills to identify/prevent web vulnerabilities, particularly in the OWASP Top 10 for 2021. Based on bWAPP, it offers a comprehensive practical lab covering all categories in the OWASP Top 10.

This is a POC for Second Order SQL Injection

Most vulnerable PHP website to carry pentesting.

Implementación Web Application Firewall (WAF) en PHP. Diseñado para detectar y bloquear actividades maliciosas basadas en las reglas OWASP Top 10, filtrando las peticiones HTTP en busca de patrones maliciosos y baneando automáticamente las IPs atacantes usando iptables durante 24 horas.

This repository is a dockerized PHP application containing some captcha logical bypass challenges (scenarios).

Collection of RFI Vulnerability scenarios (challenges) each containing a new bypass technique.