List Of Vulnerability Web Application on Hands for Practical Experiments

Hello!! Security Folks If  you want more  details on  how to learn  web application security, please go to the Source. 

 

Internet-accessible

• Google Gruyere
  This one is from Google and you can do it both online and as a local install.
• zero.webappsecurity.com (HP)
  I happen to know this one is o.k. to scan.
• demo.testfire.net (IBM)
• test.acunetix.com (Acunetix)
• testphp.vulnweb.com (Acunetix)
• testasp.acunetix.com (Acunetix)
• testaspnet.acunetix.com (Acunetix)
• Cenzic's Crack Me Bank
• Hacker Test
  This one is not like the others; it's not a full website you'd scan, but rather more like a puzzle where you proceed through various levels.
• Hax.tor
  Another challenge, similar to Hacker Test.
• The Enigma Group
  A beginner-focused online resource for web hacking.
• HACKME Game
  A software security learning game.
• OWASP Hackademic
  An OWASP project aimed at helping people learn web security through a series of challenges.
• Test Page for the x5s Tool
  A test page for XSS meant to be used with the X5S tool.

Download and Configure

• Broken Web Apps Project (OWASP)
  This is the one you want first; it has over a dozen broken web apps to play with.
• Bonsai Moth
  A VMware image with a collection of broken web applications that you can use for testing web scanners and static analysis tools as well as providing an intro to webappsec.
• Web Security Dojo (Maven)
  Similar to OWASP's Broken Web Apps project, i.e. multiple broken web apps in one place.
• Webgoat (OWASP)
  This is the grand pubah of the testing sites because it includes training with it. Note that it's on the Broken Web Apps image listed above.
• Damn Vulnerable Web App
• BadStore
• Hackme Bank (McAfee)
• Hackme Casino (McAfee)
• Hackme Books (McAfee)
• Hackme Shipping (McAfee)
• Hackme Travel (McAfee)
• Moth (Bonsai)
• SecuriBench (Stanford)
• Vicnum (ipsaplus)
• Google Gruyere
  This one is from Google and you can do it both online and as a local install.
• Bodgeit
  This is a project named Bodgeit hosted with Google.
• The Butterfly
• Exploit.co.il
• Hackxor
• LampSecurity
• MultiDae
• Insecure Web App Project (OWASP)
• Vicnum (OWASP)
• Peruggia
• Puzzlemall
• SQLol
• SQLol
• WackoPicko
• Web Security Dojo

Additional Resources

• Hack This Site Community
• Hellbound Hackers
• p0wnlabs
• Watcher Tests

Source:DanielMiessler