This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

OWASP Vulnerable Web Application

Jump to: navigation, search
OWASP Project Header.jpg


Vulnerable-Web-Application is a website that is prepared for people who are interested in web penetration and who want to have information about this subject or to be working. In fact, the website is quite simple to install and use.

Vulnerable-Web-Application categorically includes Command Execution, File Inclusion, File Upload, SQL and XSS. For database-requiring categories, it creates a database under localhost with one button during setup. In case of corrupted or changed databases, you can create a database again.

Vulnerable Web Application Project Repository



The "General Public License" protects users' four essential freedoms, among other things by requiring someone who distributes software derived from yours to also publish the source code for the modifications. Anyone can charge money for distributing copies of the software, but cannot prevent its recipients from redistributing it for free. The GPL allows the copyright holders to distribute the software under additional licenses, too, which can be a way to make it proprietary-friendly.

How to Contribute

  • Solve the challenges in the Vulnerable Web Application Project
  • Choose a category or create new category (CSRF,XML Entity etc.)
  • Create the challenge under the choosen category
  • Submit your work


Hummingbirds Cyber Security Community

Project Leader

Fatih Çelik

Linkedin Github

Core Team

Mehmet Oğuz Tozkoparan

Ömer Faruk Şenyayla

Ramazan Emre Erkan

Ufuk Süngü


Project Type Files CODE.jpg
Incubator Project Owasp-builders-small.png
Affero General Public License 3.0