Skip to content

OWASP Developer Guide

Overview

OWASP Developer Guide

Introduction
Foundations
Foundations
Requirements
Requirements
Design
Design
- Overview
- Threat modeling
  Threat modeling
- Web application checklist
  Web application checklist
- MAS checklist
Implementation
Implementation
- Overview
- Documentation
  Documentation
- Dependencies
  Dependencies
- Secure Libraries
  Secure Libraries
  - Overview
  - ESAPI
  - CSRFGuard
  - OSHP
- MASWE
Verification
Verification
- Overview
- Guides
  Guides
  - Overview
  - WSTG
  - MASTG
  - ASVS
- Tools
  Tools
  - Overview
  - DAST tools
  - Amass
  - OWTF
  - Nettacker
  - OSHP verification
- Frameworks
  Frameworks
  - Overview
  - secureCodeBox
- Vulnerability management
  Vulnerability management
  - Overview
  - DefectDojo
Training and Education
Training and Education
- Overview
- Vulnerable Applications
  Vulnerable Applications
  - Overview Overview
    Table of contents
    
    7.1 Vulnerable Applications
  - Juice Shop
  - WebGoat
  - PyGoat
  - Security Shepherd
- Secure Coding Dojo
- SKF education
- SamuraiWTF
- OWASP Top 10 project
- Mobile Top 10
- API Top 10
- WrongSecrets
- OWASP Snakes and Ladders
Culture building and Process maturing
Culture building and Process maturing
- Overview
- Security Culture
- Security Champions
  Security Champions
- SAMM
- ASVS process
- MAS process
Operations
Operations
Metrics
Metrics
- Overview
Security gap analysis
Security gap analysis
- Overview
- Guides
  Guides
- BLT
Appendices
Appendices
- Implementation Do's and Don'ts
  Implementation Do's and Don'ts
- Verification Do's and Don'ts
  Verification Do's and Don'ts

Overview

Developer guide logo

7.1 Vulnerable Applications

Vulnerable applications are useful for the Training and Education activities described in the SAMM Training and Awareness section, which in turn is part of the SAMM Education & Guidance security practice within the Governance business function.

The intentionally-vulnerable applications provide a safe environment where various vulnerable targets can be attacked. This provides practice in using various penetration tools available to a tester, without the risk of attack traffic triggering intrusion detection systems. The OWASP Vulnerable Web Applications Directory Project (VWAD) provides a comprehensive list of available intentionally-vulnerable web applications:

Vulnerable mobile applications
Offline vulnerable web applications
Containerized vulnerable web applications
vulnerable web applications available Online

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue.