A test page for XSS meant to be used with the X5S tool.
<a href="http://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project">Broken Web Apps Project (OWASP)</a>
This is the one you want first; it has over a dozen broken web apps to play with.
<a href="http://www.bonsai-sec.com/en/research/moth.php">Bonsai Moth</a>
A VMware image with a collection of broken web applications that you can use for testing web scanners and static analysis tools as well as providing an intro to webappsec.
<a href="http://www.mavensecurity.com/web_security_dojo/">Web Security Dojo (Maven)</a>
Similar to OWASP's Broken Web Apps project, i.e. multiple broken web apps in one place.
<a href="http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project">WebGoat (OWASP)</a>
This is the grand poobah of the testing sites because it includes training. Note that it's on the Broken Web Apps image listed above.
<a href="http://www.dvwa.co.uk/">Damn Vulnerable Web App</a>
<a href="http://www.badstore.net/">BadStore</a>
<a href="http://www.mcafee.com/us/downloads/free-tools/hacme-bank.aspx/">Hacme Bank (McAfee)</a>
<a href="http://www.mcafee.com/us/downloads/free-tools/hacme-casino.aspx/">Hacme Casino (McAfee)</a>
<a href="http://www.mcafee.com/us/downloads/free-tools/hacmebooks.aspx">Hacme Books (McAfee)</a>
<a href="http://www.mcafee.com/us/downloads/free-tools/hacmeshipping.aspx">Hacme Shipping (McAfee)</a>
<a href="http://www.mcafee.com/us/downloads/free-tools/hacmetravel.aspx">Hacme Travel (McAfee)</a>
<a href="http://www.bonsai-sec.com/en/research/moth.php">Moth (Bonsai)</a>
<a href="http://suif.stanford.edu/~livshits/securibench/">SecuriBench (Stanford)</a>
<a href="http://sourceforge.net/projects/vicnum/">Vicnum (ipsaplus)</a>
<a href="http://google-gruyere.appspot.com/part1">Google Gruyere</a>
This one is from Google, and you can use it either online or as a local install.
<a href="http://code.google.com/p/bodgeit/">Bodgeit</a>
This is a project named Bodgeit hosted with Google.
<a href="http://thebutterflytmp.sourceforge.net/">The Butterfly</a>
<a href="http://sourceforge.net/projects/exploitcoilvuln/">Exploit.co.il</a>
<a href="http://hackxor.sourceforge.net/cgi-bin/index.pl">Hackxor</a>
<a href="http://sourceforge.net/projects/lampsecurity/">LampSecurity</a>
<a href="http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10">Mutillidae</a>
<a href="https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project">Insecure Web App Project (OWASP)</a>
<a href="https://www.owasp.org/index.php/Category:OWASP_Vicnum_Project">Vicnum (OWASP)</a>
<a href="http://peruggia.sourceforge.net/">Peruggia</a>
<a href="http://code.google.com/p/puzzlemall/">Puzzlemall</a>
<a href="https://github.com/SpiderLabs/SQLol/downloads/">SQLol</a>
<a href="https://github.com/adamdoupe/WackoPicko/">WackoPicko</a>
<a href="http://www.mavensecurity.com/WebMaven/">Web Security Dojo</a>
<a href="http://www.hackthissite.org/">Hack This Site Community</a>
<a href="http://www.hellboundhackers.org/">Hellbound Hackers</a>
<a href="http://www.p0wnlabs.com/free/vms/">p0wnlabs</a>
<a href="http://www.nottrusted.com/watcher/">Watcher Tests</a>