bWAPP
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
bWAPP
A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities.
Data verified May 2026
ADYour product here. Reach security decision-makers.Launch a campaignbWAPP Description
bWAPP, a buggy web application! bWAPP an extremely buggy web app ! Home Bugs Download Talks & Training Blog Home bWAPP, or a buggy web application, is a free and open source deliberately insecure web application. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. What makes bWAPP so unique? Well, it has over 100 web vulnerabilities! It covers all major known web bugs, including all risks from the OWASP Top 10 project. bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP. Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP. Download our What is bWAPP? introduction tutorial, including free exercises... bWAPP is for web application security-testing and educational purposes only. Have fun with this free and open source project! Cheers, Malik Mesellem bWAPP is licensed under © 2022 MME BV / Follow @MME_IT on Twitter and ask for our cheat sheet, containing all solutions! / Need an exclusive training?
bWAPP FAQ
Common questions about bWAPP including features, pricing, alternatives, and user reviews.
bWAPP is A free and open-source deliberately insecure web application for security enthusiasts, developers, and students to discover and prevent web vulnerabilities. It is a Security Operations solution designed to help security teams with Bug Bounty, PHP.
bWAPP is a free Security Operations tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://www.itsecgames.com/ for download and installation instructions.
Popular alternatives to bWAPP include:
1.SQL Injection Labs - A project developed for pentesters to practice SQL Injection concepts in a controlled environment. (Free)
2.hackxor - A platform offering hacking missions to test and enhance skills. (Free)
3.OWASP Hackademic Challenges - OWASP Hackademic Challenges is an educational web platform offering 10 realistic vulnerability scenarios for learning information security concepts through hands-on exploitation in a controlled environment. (Free)
4.Mellivora - Mellivora Mellivora is a PHP-based CTF engine that provides comprehensive competition hosting capabilities with challenge management, team scoring, and administrative tools for cybersecurity competitions. (Free)
5.Damn Vulnerable Web Application (DVWA) - A deliberately vulnerable PHP/MySQL web application designed for security training, testing, and educational purposes in controlled environments. (Free)
Compare all bWAPP alternatives at https://cybersectools.com/alternatives/bwapp
bWAPP is for security teams and organizations that need Bug Bounty, PHP. It's particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Security Operations tools can be found at https://cybersectools.com/categories/security-operations
Have more questions? Browse our categories or search for specific tools.
