Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real-world web service vulnerabilities. The aim of this project is to help security professionals learn about Web Application Security through the use of a practical lab environment.

This application includes the following vulnerabilities:
- WSDL Enumeration
- XML External Entity Injection
- XML Bomb Denial-of-Service
- XPATH Injection
- WSDL Scanning
- Cross-Site Tracing
- OS Command Injection
- Server Side Request Forgery
- REST API SQL Injection
- Same Origin Method Execution
- JSON Web Token (JWT) Secret Key Brute Force
- Cross-Origin Resource Sharing

Instructions: DVWS can be used with a XAMPP setup. XAMPP is a free and open source cross-platform web server solution which mainly consists of an Apache Web Server and MySQL database. To set it up, download and install XAMPP first. Next, download the dvws folder and copy it to your htdocs directory. Lastly, set up or reset the database by going to http://localhost/dvws/instructions.php
SIMILAR TOOLS
Revelo is an experimental Javascript deobfuscator tool with features to analyze and deobfuscate Javascript code.
Tenable One Exposure Management Platform is a comprehensive platform for vulnerability management and exposure management.
An AI-powered code security tool that analyzes code for vulnerabilities and provides automated fix suggestions to accelerate remediation.
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application for client-server communication with numerous vulnerabilities.
Static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA) with over 1000 built-in policies for AWS, Azure, and Google Cloud.
A deliberately vulnerable modern day app with lots of DOM related bugs
An AI-powered API security testing platform that performs continuous vulnerability assessment, attack surface mapping, and compliance monitoring of API endpoints.
A next-generation web scanner that identifies websites and recognizes web technologies, including content management systems, blogging platforms, and more.