The Broken Web Applications Project (BWA) is an effort to provide a wealth of applications with known vulnerabilities for those interested in:
- learning about web application security
- testing manual assessment techniques
- testing automated tools
- testing source code analysis tools
- observing web attacks
- testing WAFs and similar code technologies
The VM requires no installation. Simply extract the files from the archive and then start the VM in a VMware product. Once the machine is booted, you can access it via the console, SSH, or Samba using username=root and password=owaspbwa.
Note – The VM is entirely command line driven. X-Windows or other GUI systems have not been installed.
If you would like to access your VM from links off this site, the one configuration change you may need to make is to add an entry to your hosts file pointing to the name owaspbwa to the IP address of your VM. It is recommended that you do this so that you can follow links on this web site to pages on your local OWASPBWA VM.
Download latest version :
Unix/Linux : OWASP_Broken_Web_Apps_VM_1.0rc1.7z (892.2 MB)
Windows : OWASP_Broken_Web_Apps_VM_1.0rc1.zip (1.2 GB)
Find other version |
Read more in here : https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project