Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

Self-deployed Straight-forward hacking lab machine which designed for new comer who want to learn Penetration Testing field that running inside Docker for easy setup.

Sample vulnerable code and its exploit code

Damn Vulnerable Java (EE) Application

Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.

VyAPI - A cloud based vulnerable hybrid Android App

Conviso Vulnerable Web Application is the OSS project from the Conviso Application Security for the community. The project represents a vulnerable web application to practice security testing and improve your learning in AppSec..

Examples of different vulnerabilities, in a variety of languages, shapes and sizes.

📧 [Research] E-Mail Injection: Vulnerable applications

OWASP Foundation Web Respository

This is a collection of vulnerable machines that can help you to learn hacking, pentesting and bug hunting. I know there are a lot of lists out there, but most of them are not updated regularly. So I decided to make on myself. Hope this will help you

Several snippets of vulnerable code in different programming languages.

File Content Disclosure on Rails Test Case - CVE-2019-5418

IOTgoat is a vulnerable firmware made by the OWASP project. This is a custom made version of the 'IOTgoat firmware' built for the A5-V11 mini 3G router. This branch brings back the vulnerable IOT firmware back to a real IOT device, for a more realistic experience of IOT device exploitation on a budget.

Another vulnerable application for practicing web penetration testing.

Sample Spring API for testing

An intentionally vulnerable AI chatbot to learn and practice AI Security.