bWAPP, or a buggy web application, is a deliberately insecure web application. It
helps security enthusiasts, systems engineers, developers and students
to discover and to prevent web vulnerabilities. bWAPP prepares one to
conduct successful web application penetration testing and ethical
hacking projects. It is made for educational purposes.
What makes bWAPP so unique? Well, it has over 100 web bugs! bWAPP covers
all major known web vulnerabilities, including all risks from the OWASP
Top 10 project.
Download bWAPP from here.
Another possibility is to download our bee-box, a custom Linux VM pre-installed with bWAPP. bee-box gives you several ways to hack and deface the bWAPP web application. It's even possible to hack the bee-box to get full root access... With bee-box you have the opportunity to explore all bWAPP vulnerabilities. Hacking, defacing and exploiting without going to jail... how cool is that!?!
Download bee-box from here.
Current version: bWAPP v2.1
Release date: 27/09/2014
Total bugs: > 100
New bugs
- Base64 Encoding (Secret)
- Broken Authentication - CAPTCHA Bypassing
- Cross-Site Scripting - Stored (User-Agent)
- iFrame Injection
- Shellshock Vulnerability (CGI)
- SQL Injection - Stored (User-Agent)