OWASP Broken Web Applications Virtual Machine (VM) Version 1.0rc1 Released!

Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial products).

The Broken Web Applications Project (BWA) is an effort to provide a wealth of applications with known vulnerabilities for those interested in:

  • learning about web application security
  • testing manual assessment techniques
  • testing automated tools
  • testing source code analysis tools
  • observing web attacks
  • testing WAFs and similar code technologies

The VM requires no installation. Simply extract the files from the archive and then start the VM in a VMware product. Once the machine is booted, you can access it via the console, SSH, or Samba using username=root and password=owaspbwa.

Note – The VM is entirely command line driven. X-Windows or other GUI systems have not been installed.

If you would like to access your VM from links off this site, the one configuration change you may need to make is to add an entry to your hosts file pointing to the name owaspbwa to the IP address of your VM. It is recommended that you do this so that you can follow links on this web site to pages on your local OWASPBWA VM.

Download latest version :
Unix/Linux : OWASP_Broken_Web_Apps_VM_1.0rc1.7z (892.2 MB)
MD5: facaf3b0e6b6ff2869a64684740600d9
Windows : OWASP_Broken_Web_Apps_VM_1.0rc1.zip (1.2 GB) 
MD5: beba78251a2e55664ae3d30c911ed85e

Find other version |
Read more in here : https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project