Vulnerable practice applications


Looking for vulnerable applications to test your exploitation skills? This category of tools has some good practice targets to develop your abilities. They can be used both by attackers as those doing software development.


Vulnerable practice applications are typically used for exploit development, learning, service exploitation, vulnerability testing.

Users for these tools include developers, pentesters, security professionals.


Popular vulnerable practice applications

Damn Small Vulnerable Web (deliberately vulnerable application)

application testing, learning, skill development, vulnerability testing

Damn Small Vulnerable Web (DWVW) is a deliberately vulnerable web application to test your exploitation skills. It provides developers and penetration testers a practice tool. For developers, it is good to see common mistakes and create more secure software. Pentesters will be able to improve vulnerability detection and improving their attacks. Hopefully with the end goal of achieving privilege escalation or unauthorized data retrieval.

vuLnDAP (vulnerable web application based on LDAP)

application security, learning, penetration testing

VuLnDAP is a tool to show what can happen when a web application becomes vulnerable due to the business logic behind it. This tool uses LDAP, a common authentication protocol, to show such weaknesses. This tool helps penetration testers more about LDAP. At the same time, it provides useful insights to web and software developers to create more secure software.

Missing a favorite tool in this list? Share a tool suggestion and we will review it.

Related topics

Looking for more specific topics within this tool group? Have a look at the following relevant topics.