List of Vulnerable Apps

Vulnerable Apps To (Legally) Practice Your Hacking Skills!

Offensive security is a growing sector in the IT world. The role of a penetration tester is bigger than it was some years ago because the Internet is now a concrete part of everyday life, work, and habits.

Use these vulnerable apps to practice your hacking skills so you can be the best defender you can.

Always remember: deliberate practice improves performance!

Here's the list of vulnerable web apps:


These Vulnerable Apps are designed to help you understand the following security issues.

  • SQL Injection – Error Based
  • SQL Injection – Blind
  • OS Command Injection
  • XPath Injection
  • Formula Injection
  • PHP Object Injection
  • Unrestricted File Upload
  • Reflected Cross-Site Scripting
  • Stored Cross-Site Scripting
  • DOM-Based Cross-Site Scripting
  • Server-Side Request Forgery (Cross Site Port Attacks)
  • File Inclusion
  • Session Issues
  • Insecure Direct Object Reference
  • Missing Functional Level Access Control
  • Cross-Site Request Forgery (CSRF)
  • Cryptography
  • Unvalidated Redirects & Forwards
  • Server-Side Template Injection
  • & much more ...

Good Luck and Happy Hacking!

You may also be interested in reading Web Security for Anybody and a Step-by-Step Guide on How to Create Your First Ethical Hacking Environment.

What other sites have you used to practice on? Let us know below!