# Tools ### Vulnerable Applications for Practice | Resource | Description | Free | | ------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---- | | [Burp Suite Web Security Academy](https://portswigger.net/training) | The Web Security Academy contains high-quality learning materials, interactive vulnerability labs, and video tutorials. You can learn at your own pace, wherever and whenever suits you. | Yes | | [Damn Vulnerable Web Application (DVWA)](http://www.dvwa.co.uk/) | A PHP/MySQL web application that is damn vulnerable | Yes | | [flAWS 2](http://flaws2.cloud/) | Welcome to the flAWS 2 challenge! Similar to the original flAWS.cloud (also created by Summit Route), this game/tutorial teaches you AWS (Amazon Web Services) security concepts | Yes | | [Juice Shop Project](https://www.owasp.org/index.php/OWASP_Juice_Shop_Project) | OWASP Juice Shop is probably the most modern and sophisticated insecure web application | Yes | | [Web Goat](https://webgoat.github.io/WebGoat/) | A deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components. | Yes |