Vulnerable Apps
Explore 13 curated tools and resources
Search by name, description, or purpose... (⌘+K)
PINNED
Promoted • 6 toolsCommercial
Data Protection
Commercial
Network Security
Commercial
Consulting
Commercial
Application Security
Commercial
Cloud Security
Commercial
Application Security
Want your tool featured here?
Get maximum visibility with pinned placement
LATEST ADDITIONS
A list of vulnerable applications for testing and learning
A list of vulnerable applications for testing and learning
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
OVAA is an intentionally vulnerable Android application that aggregates common platform security vulnerabilities for educational and security testing purposes.
A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.
A collection of vulnerable web application test cases designed to benchmark and evaluate the effectiveness of static security analyzers and penetration testing tools.
SecGen is an open-source framework that automatically generates vulnerable virtual machines and hacking challenges for cybersecurity education and penetration testing training.
SecGen is an open-source framework that automatically generates vulnerable virtual machines and hacking challenges for cybersecurity education and penetration testing training.
A Linux-based environment for penetration testing and vulnerability exploitation
A Linux-based environment for penetration testing and vulnerability exploitation
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
AHHHZURE is an automated deployment script that creates vulnerable Azure cloud lab environments for offensive security training and cloud penetration testing practice.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
CloudGoat is a vulnerable-by-design AWS deployment tool that creates intentionally insecure cloud environments for hands-on cybersecurity training through capture-the-flag scenarios.
AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.
AzureGoat is a deliberately vulnerable Azure cloud infrastructure that incorporates OWASP Top 10 vulnerabilities and Azure service misconfigurations for security training and penetration testing practice.
Linux-based operating system intentionally vulnerable for cybersecurity practice.
Linux-based operating system intentionally vulnerable for cybersecurity practice.
NodeGoat provides an environment to learn and address OWASP Top 10 security risks in Node.js web applications.
DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.
DVXTE is a Docker-based training platform containing multiple vulnerable applications designed for cybersecurity education and skill development.
A vulnerable web site for testing Sentinel features
DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.
DVHMA is an intentionally vulnerable Android hybrid mobile app built with Apache Cordova for security testing and educational purposes.