Java Vulnerable is a deliberately vulnerable web application designed for educational purposes in web application security. Developed by the Cyber Security and Privacy Foundation, this application serves as a hands-on learning platform for Java programmers and security enthusiasts to understand common web application vulnerabilities. The application includes various security flaws and weaknesses commonly found in Java web applications, allowing users to practice identifying and exploiting these vulnerabilities in a controlled environment. The complete course content and source code are available on GitHub as an open-source resource. The application can be deployed using Docker for easy setup and isolation. Due to its intentionally vulnerable nature, it is recommended to run this application only in isolated virtual machine environments to prevent security risks to host systems.