Reference "non-secured" web application?

Question

I'm new to both web development and security, and I was wondering whether there is some kind of reference web application that doesn't follow any of the security best practices. Something like a "Security hello world" :).

On OWASP's site there are code examples for almost every threat, I was wondering whether there is an application that would put them all together.

I would like to use it to both test my knowledge while trying to find the flaws, and to run and understand ESAPI with it.

Meanwhile a colleague of mine pointed me to OWASP's complete (and up-to-date) list of deliberately vulnerable web applications. There's so many of them, I really have to work on my googling aptitudes...

Like [WebGoat](https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)? — Purefan, Feb 27 '17 at 08:30

Sjoerd · Accepted Answer · 2017-02-27T09:11:10.850

2

edited Feb 27 '17 at 09:11

answered Feb 27 '17 at 08:36

Sjoerd

28,707
12
74
102

1

Add Troy Hunt's hackyourself first to that list, you don't get code but there are 50 or so vulnerabilities to find in his test public website. – iainpb Feb 27 '17 at 09:10

Reference "non-secured" web application?

1 Answers1