
Apps To Test – Hacking Vulnerable Web Applications
Want to take your testing skills further and test applications for vulnerabilities?
Want to know how hackers do it?
The best approach is to have test applications prepared for that purpose.
Here’s a list of applications that anyone is welcome to hack as much as they like.
Go and test these web applications for vulnerabilities and exploit them.
1. Altoro Mutual
IBM Corporation published the Altoro Mutual website for the sole purpose of demonstrating the effectiveness of AppScan in detecting web application vulnerabilities and website defects. IBM offers a free trial of AppScan that you can download and use to scan this website. This site is not a real banking site.
Similarities, if any, to third party products and websites are purely coincidental. This site is provided “as is” without warranty of any kind, either express or implied. IBM does not assume any risk concerning your use of this website.
For additional Terms of Use, please go to Terms of Use on ibm.com.
2. Gruyere
This code lab is built around Gruyere /ɡruːˈjɛər/ – a small, cheesy web application that allows its users to publish snippets of text and store assorted files. “Unfortunately,” Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery to information disclosure, denial of service, and remote code execution. The goal of this code lab is to guide you through discovering some of these bugs and learning ways to fix them both in Gruyere and in general.
3. Hack.me
Hack.me is a FREE, community-based project powered by eLearnSecurity.
The community can build, host and share vulnerable web application code for educational and research purposes.
It aims to be the most extensive collection of “runnable” vulnerable web applications, code samples and CMS’s online.
The platform is available without any restriction to any party interested in Web Application Security:
- students
- universities
- researchers
- penetration testers
- web developers
4. OWASP
The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:
- learning about web application security
- testing manual assessment techniques
- testing automated tools
- testing source code analysis tools
- observing web attacks
- testing WAFs and similar code technologies
All of this saves people interested in either learning or testing the pain of having to compile, configure, and catalogue everything typically involved in doing this process from scratch.
5. LAYAKK
Twitter: @layakk
Layakk is a company that is dedicated to providing the most advanced security services and products to customers.
Founded in 2013 by Jose Pico and David Perez, the company’s strategy is based on two pillars: research and engineering.
6. DinoSec
Twitter: @dinosec
DinoSec is an independent information security company established in Spain in 2008, with a worldwide service scope, focused on improving its customers’ information security stance by discovering and eliminating or mitigating the real risks that threaten their information technology infrastructures, applications, devices, systems and networks.
DinoSec’s portfolio includes specialized information security services, requiring in-depth technical knowledge and a broad understanding of the information technology market, as well as advanced research and training services focused on providing customers with self-defence skills.
DinoSec remains at the forefront of the security market through continuous research and education activities.
The company’s core values, the foundation for all its services, are based on the following central tenets: excellence, quality, honesty, knowledge sharing, independence, and innovation.
7. Raúl Siles
Twitter: @raulsiles
Raúl Siles is a senior Independent Security Consultant specializing in advanced security solutions and prevention, detection and response services in various industries (government, defence, telecom, manufacturing, financial, healthcare).
Raúl’s expertise and service offerings include security architecture design and review, penetration tests, incident handling, forensic and malware analysis, network, system, database and application security assessments and hardening, code security reviews, wireless security, honeynet solutions, intrusion detection/prevention, expert witness, information security management and safety awareness and training (through The SANS Institute).