OWASP Broken Web Applications

Happy New Year!!! I am giving this blog another go-around. I still am trying to switch fields (application developer to penetration testing). Anyway, you’re not reading this post to get my current life story.

While I was away from this blog, I found the OWASP Broken Web Applications project: https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project

The package bundles a number of deliberately vulnerable web apps in a single virtual machine. To run it you need VMware or VirtualBox; once one of those is installed, download the ISO package and boot it as a VM. Because every application in the VM is intentionally exploitable, keep it on a host-only or otherwise isolated network rather than exposing it to your LAN or the internet. If you do not know how to install an ISO into a virtual machine, look at this video for VirtualBox:

There is an assortment of vulnerable apps that vary in level of difficulty.

The training applications are:

OWASP WebGoat.Net
Damn Vulnerable Web Application
OWASP ESAPI Java SwingSet Interface

Realistic, intentionally vulnerable applications:

OWASP Vicnum
Google Gruyere

Old (vulnerable) versions of real applications:

Tiki Wiki

I have read other websites and even wrote on hackernetwork.net (please create an account if you don’t have it!), and I have started with Mutillidae, using OWASP ZAP. OWASP ZAP is an intercepting proxy: it sits between your browser and the target application, so every request and response passes through it where you can inspect it. You can download it here: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

You can view a YouTube video describing this by this link:

If you don’t like ZAP, you can use Burp Suite instead.
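To make concrete what "a proxy in between" means, here is an added example (my own, not code from this post, from ZAP or from the BWA project). It is a toy logging HTTP proxy built only from Python's standard library: a stand-in target server (constructed for the example, not one of the BWA apps), a proxy that records each request it relays, and a client that is pointed at the proxy the way a browser is pointed at ZAP. The URL path and the cookie value are constructed sample data. Running it shows the one thing that matters about an intercepting proxy: the full request, headers and cookies included, is visible at the proxy before it ever reaches the application.

```python
"""Toy logging HTTP proxy: shows what an intercepting proxy such as ZAP or Burp
does between a browser and a lab application. Everything here is constructed for
the example; the target is a stand-in, not one of the OWASP BWA applications."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlsplit

# Headers that describe a single connection and must not be forwarded (RFC 7230 section 6.1)
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "te", "trailer",
              "transfer-encoding", "upgrade"}


class TargetHandler(BaseHTTPRequestHandler):
    """Stand-in for the web app under test: echoes the path it was asked for."""

    def do_GET(self):
        body = f"target saw {self.path}".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


class LoggingProxyHandler(BaseHTTPRequestHandler):
    """Forward proxy that records every request before relaying it to the target."""

    intercepted = []  # shared log of requests seen by the proxy

    def do_GET(self):
        # A proxy-configured client sends the absolute URL in the request line.
        url = urlsplit(self.path)
        if url.scheme != "http" or not url.netloc:
            self.send_error(400, "proxy expects an absolute http:// URL")
            return
        path = url.path or "/"
        if url.query:
            path += "?" + url.query
        # This is the interception point: the proxy sees the complete request,
        # including cookies and any other headers the client attached.
        LoggingProxyHandler.intercepted.append(
            {"method": "GET", "host": url.netloc, "path": path,
             "headers": {k.lower(): v for k, v in self.headers.items()}})

        upstream = http.client.HTTPConnection(url.hostname, url.port or 80, timeout=5)
        fwd_headers = {k: v for k, v in self.headers.items() if k.lower() not in HOP_BY_HOP}
        upstream.request("GET", path, headers=fwd_headers)
        resp = upstream.getresponse()
        body = resp.read()
        upstream.close()

        # Relay the target's answer back to the client, recomputing Content-Length.
        self.send_response(resp.status)
        for k, v in resp.getheaders():
            if k.lower() not in HOP_BY_HOP and k.lower() != "content-length":
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass


def start_server(handler):
    """Bind to an ephemeral loopback port and serve in a background thread."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def run_demo():
    """Start target and proxy, send one proxied request, return (body, proxy log)."""
    LoggingProxyHandler.intercepted.clear()
    target = start_server(TargetHandler)
    proxy = start_server(LoggingProxyHandler)
    target_port = target.server_address[1]
    proxy_port = proxy.server_address[1]
    try:
        # Like a browser pointed at ZAP: connect to the proxy, name the target by URL.
        client = http.client.HTTPConnection("127.0.0.1", proxy_port, timeout=5)
        client.request("GET", f"http://127.0.0.1:{target_port}/login?user=alice",
                       headers={"Cookie": "session=constructed-sample"})
        response = client.getresponse()
        body = response.read().decode()
        client.close()
    finally:
        for server in (target, proxy):
            server.shutdown()
            server.server_close()
    return body, list(LoggingProxyHandler.intercepted)


if __name__ == "__main__":
    body, seen = run_demo()
    print(body)
    for entry in seen:
        print(entry["method"], entry["host"], entry["path"],
              "cookie:", entry["headers"].get("cookie"))
```

The proxy only handles GET and plain http, which is enough to show the idea; ZAP and Burp add TLS interception (they generate certificates for the sites you visit), request editing, replay and scanning on top of the same basic position in the traffic flow.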

If you’re up for the challenge, try installing this package, and test out some of the applications. I promise it is addicting!!!

About birdofbeauty12

A computer security hopeful, who is blogging about her experiences in transitioning over to that field.

One thought on “OWASP Broken Web Applications”

  1. Dharshan says:

    Very Helpful..
