Tools

Vulnerable Applications for Practice

Resource	Description	Free
Burp Suite Web Security Academy	The Web Security Academy contains high-quality learning materials, interactive vulnerability labs, and video tutorials. You can learn at your own pace, wherever and whenever suits you.	Yes
Damn Vulnerable Web Application (DVWA)	A PHP/MySQL web application that is damn vulnerable	Yes
flAWS 2	Welcome to the flAWS 2 challenge! Similar to the original flAWS.cloud (also created by Summit Route), this game/tutorial teaches you AWS (Amazon Web Services) security concepts	Yes
Juice Shop Project	OWASP Juice Shop is probably the most modern and sophisticated insecure web application	Yes
Web Goat	A deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.	Yes