Update OWASP Broken Web Applications Project v-1.0

changes version 1.0 : 2012-07-24
– Added new application: WIVET (http://code.google.com/p/wivet/)
– Updated WAVSEP, Mutillidae, Vicnum
– Created new category for “Applications for Testing Tools”, containing
– Major update to User Guide at http://code.google.com/p/owaspbwa/wiki/UserGuide.
Removed some other project Wiki pages that were incorporated into User Guide.
– More improvements to index.html


Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial products).

The Broken Web Applications Project (BWA) is an effort to provide a wealth of applications with known vulnerabilities for those interested in:

  • learning about web application security
  • testing manual assessment techniques
  • testing automated tools
  • testing source code analysis tools
  • observing web attacks
  • testing WAFs and similar code technologies

The VM requires no installation. Simply extract the files from the archive and then start the VM in a VMware product. Once the machine is booted, you can access it via the console, SSH, or Samba using username=root and password=owaspbwa.

Note – The VM is entirely command line driven. X-Windows or other GUI systems have not been installed.

If you would like to access your VM from links off this site, the one configuration change you may need to make is to add an entry to your hosts file pointing to the name owaspbwa to the IP address of your VM. It is recommended that you do this so that you can follow links on this web site to pages on your local OWASPBWA VM.

Download latest version :
OWASP_Broken_Web_Apps_VM_1.0.7z (993.4 MB)
OWASP_Broken_Web_Apps_VM_1.0.zip (1.4 GB) 
Find other version |
Read more in here : http://www.owaspbwa.org/
Our Post Before :