Update OWASP Broken Web Applications Project v-1.0rc2

changes version 1.0rc2 :  2012-07-14
– Added new application: wavsep (http://code.google.com/p/wavsep/)
– Updated WebGoat.NET, WebGoat (Java), and other applications from source
repositories.  Updated Mutillidae.
– Removed links to OWASP ESAPI SwingSet (non-Interactive).  That application
has been deprecated and replaced by the SwingSet Interactive.
– Changed version numbers in index.html to better indicate applications that
are updated from public SVN or GIT repositories.
– Layout improvements to index.html file (layout could still use some work).
– Fixed bugs in Yazd (may have been present in 1.0rc1 or before)
– Changes MySQL configuration to store database and table names as lower case
(facilitates use of software written on Windows that may not strictly adhere
to one case for identifiers)


Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial products).

The Broken Web Applications Project (BWA) is an effort to provide a wealth of applications with known vulnerabilities for those interested in:

  • learning about web application security
  • testing manual assessment techniques
  • testing automated tools
  • testing source code analysis tools
  • observing web attacks
  • testing WAFs and similar code technologies

The VM requires no installation. Simply extract the files from the archive and then start the VM in a VMware product. Once the machine is booted, you can access it via the console, SSH, or Samba using username=root and password=owaspbwa.

Note – The VM is entirely command line driven. X-Windows or other GUI systems have not been installed.

If you would like to access your VM from links off this site, the one configuration change you may need to make is to add an entry to your hosts file pointing to the name owaspbwa to the IP address of your VM. It is recommended that you do this so that you can follow links on this web site to pages on your local OWASPBWA VM.

Download latest version :
OWASP_Broken_Web_Apps_VM_1.0rc2.7z (979.5 MB)
OWASP_Broken_Web_Apps_VM_1.0rc2.zip (1.3 GB) 
Find other version |
Read more in here : https://www.owasp.org 
Our Post Before : http://seclist.us/owasp-broken-web-applications-virtual.html