Vulnerable App

For a more updated list refer to Security Teaching & Practice Solutions

Name	Description	Topic	Platform	Pricing
GitHub - c0ny1/upload-labs: 一个想帮你总结所有类型的上传漏洞的靶场	Collection of exercises that demonstrate attacks on real-world crypto	WebApp	Code	Free
Natas: Teaches the basics of serverside web-security	Teaches the basics of serverside web-security.	WebApp	Web Platform	Free
prompt(1) to win	XSS injection game	WebApp	Web Platform	Free
Damn Vulnerable GraphQL Application	An intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.	WebApp	Docker	Free
GraphQLab	A lab to learn about, and play with, GraphQL queries and mutations, with an emphasis on security.	WebApp	Web Platform	Free
MyLLMBank	This challenge allows you to experiment with jailbreaks/prompt injection against LLM chat agents that use ReAct to call tools.	GenAI	Web Platform	Free
MyLLMDoc	This is an advanced challenge focusing on multi-chain prompt injection scenarios.	GenAI	Web Platform	Free
PortSwigger Web Security Academy Learning Paths	Interactive, deliberately vulnerable labs	GenAI, WebApp	Web Platform	Free
Kontra	Provide the most immersive web-based security simulations and training	iOS, Android, WebApp, GenAI	Web Platform	Free, Paid
TryHackMe	Immersive interactive exercises based on real world scenarios	WebApp	Web Platform	Free, Paid
PentesterLab	Labs, Courses, and Videos	WebApp, Code Review	Web Platform	Free, Paid
Node API Goat	A simple Node.js Express REST app with some OWASP vulnerabilities.	WebApp	Code	Free
REST API Goat	A multi-tenant banking API	WebApp	Code, Docker	Free
vulnapi	Intentionaly very vulnerable API with bonus bad coding practices	WebApp	Code	Free
vAPI	Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.	WebApp	Code	Free
SQLI labs	Test error based, Blind boolean based, Time based.	WebApp	Code	Free