Ready-made vulnerable applications are a good way to sharpen your skills: they give you an environment where you can break and hack legally, so you can learn safely.
Here we list the best 4 vulnerable projects/applications for practicing your hacking skills.
1) bWAPP – Buggy Web Application
bWAPP is a free and open source buggy web application that helps security enthusiasts, developers and students discover and prevent web vulnerabilities. The most interesting thing about bWAPP is that it has more than 100 vulnerabilities and covers all major web bugs, from SQL injection to the OpenSSL Heartbleed bug. It can be hosted on both Linux and Windows.
There are two versions of bWAPP: you can download the project files and install them under your Apache server, or you can download the bee-box ISO file directly, which is a Linux-based virtual machine with bWAPP pre-installed.
HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
Unvalidated redirects and forwards, and cookie poisoning
Cookie poisoning and insecure cryptographic storage
Server Side Request Forgery (SSRF)
XML External Entity attacks (XXE)
And much much much more…
2) DVWA – Damn Vulnerable Web Application
DVWA is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to enhance their skills in a legal environment. The latest version of DVWA is v1.9, which is more stable than others. You can also download the live CD from GitHub.
If you want to install DVWA on Windows, you have to use WAMP or XAMPP.
If you want to install DVWA on Linux, you have to use LAMP.
The default username of the DVWA web application is “admin” and the password is “password”.
3) Mutillidae – OWASP
It's a free and open source web application that will definitely improve your skills. It can easily be installed on Linux and Windows machines using LAMP, WAMP or XAMPP. It has over 40 vulnerabilities and challenges. It comes pre-installed on Rapid7 Metasploitable2, Samurai Web Testing Framework (SWTF) and OWASP Broken Web Apps (OBWA).
You can easily restore the whole application with a single click. Users can easily switch between secure and insecure modes. It also allows SSL to be enforced in order to practice SSL stripping.
4) WebGoat
WebGoat is one of the most popular OWASP projects, as it provides a realistic teaching and learning environment to teach users about complex application security issues, and it can be easily installed on Windows and Linux machines.