bWAPP, or a buggy web application, is a free and open source deliberately insecure web application developed by MME. It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities. bWAPP prepares one to conduct successful penetration testing and ethical hacking projects. "A security testing framework made for educational purposes".
What makes bWAPP so unique? Well, it has over 100 different web vulnerabilities and issues!
It covers all major known web bugs, including all risks from the OWASP Top 10 project. The OWASP Top 10 represents a broad consensus about what the most critical web application security flaws are.
bWAPP is an open source PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP. Another possibility is to download our bee-box, a virtual machine pre-installed with bWAPP.
bWAPP and bee-box can both be downloaded from here.
- Injections including SQL, SSI, XML,...
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Web Services issues (SOAP/WSDL)
- Heartbleed bug (OpenSSL)
- Shellshock vulnerability (CGI)
- Drupageddon & Drupalgeddon2 (new!)
- Local/remote file inclusions (LFI/RFI)
- XML External Entity attacks (XXE)
- Denial-of-Service (DoS) attacks
Do not hesitate to contact us if you have any questions. We will gladly help you!