Vulnerable Labs Security Tools

Insecure Web + API application with example Fortify integrations into many DevSecOps and CICD platforms

Insecure Web Application - .NET version

Damn Vulnerable MCP Server

FridaMe is intentionally vulnerable android application developed to demonstrate the usage of Frida.

Damn Vulnerable SCA Application

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

Vulnerable API for research and education

Damn Vulnerable Thick Client App developed in C# .NET

An intentionally vulnerable NGINX setup

LogSnare: A playground for testing, preventing, and logging IDOR vulnerabilities.

Pre-Built Vulnerable Environments Based on Docker-Compose

Repo for all the SKF Docker lab examples

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

A step by step workshop to exploit various vulnerabilities in Node.js and Java applications

Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.

Damn Vulnerable WordPress

Docker image to test XXE attacks in java with tomcat.

A simple web app with a XXE vulnerability.

A vulnerable blogging platform used to demonstrate XSS vulnerabilities.

Yet Another Vulnerability Database

Damn Vulnerable Web Application (DVWA)

Damn Small Vulnerable Web

An MCP server implementation

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.