OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

A burp suite extension that reviews backup, old, temporary and unreferenced files on web server for sensitive information (OWASP WSTG-CONF-04, OTG-CONFIG-004)

A burp suite extension that enumerates infrastructure and application admin interfaces (OTG-CONFIG-005)

this repository is a docker containing some "XSS vulnerability" challenges and bypass examples.

A simple PHP application to learn SQL Injection detection and exploitation techniques.

Python and Django implementation of the OWASP RailsGoat project

This repository is a dockerized PHP application containing some file upload vulnerability challenges (scenarios).

OWASP LLM (Large Language Model) Top 10

PoC for CVE-2021-45897

PoC for CVE-2022-23940

Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021

Aplicación vulnerable al OWASP Top 10 2021, para el Curso de OWASP Top 10: Riesgos en Aplicaciones.

OWASP - San Juan Chapter

Praktek API Penetration Testing menggunakan Owasp crAPI

This repository is a dockerized PHP application containing some captcha logical bypass challenges (scenarios).

OWASP Mobile Top 2016 📱

This will test various HTTP Request types against a web server