WackoPicko is a website that contains known vulnerabilities. It was first used for the paper Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners. WackoPicko is now included as an application in the OWASP Broken Web Applications Project which is a Virtual Machine with numerous intentionally vulnerable applications. For easy access, a Docker image has been created for WackoPicko, allowing users to run it with a simple command.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Emulates browser functionality to detect exploits targeting browser vulnerabilities.
A tool to profile web applications based on response time discrepancies.
Security design review automation tool that scans design documents and provides security requirements to development teams during the planning phase.
An ASPM platform that provides software supply chain security through risk assessment, prioritization, and protection mechanisms.
Static application security testing (SAST) tool for scanning source code against security and privacy risks.
A managed Web Application and API Protection (WAAP) platform that combines WAF, API security, DDoS protection, and bot mitigation with 24/7 monitoring services.
An API security platform that provides automated discovery, documentation, and continuous security testing throughout the API lifecycle.
ImmuniWeb® On-Demand is a web application penetration testing platform that combines AI-powered automation with manual security testing to provide comprehensive vulnerability assessments and compliance reporting.
API Security is a comprehensive solution that provides continuous discovery, vulnerability assessment, threat detection, compliance monitoring, dynamic testing, and remediation capabilities to protect APIs against various threats and vulnerabilities.
PINNED

Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.