bWAPP 2.2

bWAPP is an "extremely buggy web app" intended for researching and discovering common security issues. It deliberately covers over 100 vulnerabilities, ranging from SQL injection to XSS, CGI exploits, SSL tampering, remote code execution, RFI, SSRF, CORS, and buffer overflows, and it replicates many high-profile exploits of other applications (Drupal, WordPress). It's implemented in PHP, but of course it is only meant to be run in a sandbox, or with its bee-box VM, which exposes further server process vulnerabilities.

Tags php security xss csrf research education developers
License GNU GPL
State stable

Recent Releases

2.2 04 Nov 2014 05:45 minor feature:
New bugs:
- Insecure iFrame (Login Form)
New bugs exploitable on bee-box v1.6:
- Drupal SQL Injection (Drupageddon)
- POODLE Vulnerability
- SQLiteManager Local File Inclusion