bWAPP, or a buggy web application, is a deliberately insecure web application. It helps security enthusiasts, systems engineers, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful web application penetration testing and ethical hacking projects. It is made for educational purposes.
What makes bWAPP so unique? Well, it has over 100 web bugs! bWAPP covers all major known web vulnerabilities, including all risks from the OWASP Top 10 project.
Download bWAPP from here.
Another possibility is to download our bee-box, a custom Linux VM pre-installed with bWAPP. bee-box gives you several ways to hack and deface the bWAPP web application. It's even possible to hack the bee-box to get full root access... With bee-box you have the opportunity to explore all bWAPP vulnerabilities. Hacking, defacing and exploiting without going to jail... how cool is that!?!
Download bee-box from here.
Current version: bWAPP v2.1
Release date: 27/09/2014
Total bugs: > 100
- Base64 Encoding (Secret)
- Broken Authentication - CAPTCHA Bypassing
- Cross-Site Scripting - Stored (User-Agent)
- iFrame Injection
- Shellshock Vulnerability (CGI)
- SQL Injection - Stored (User-Agent)