Vulnerable App Playground
Practice your skills on intentionally vulnerable web applications. All environments reset every hour.
Warning
These applications are intentionally vulnerable. All activity is logged and monitored. Only use for educational purposes on this domain.
DVWA
Damn Vulnerable Web Application - A PHP/MySQL web app designed for security testing.
Username: admin
Password: password
Practice SQL Injection, XSS, CSRF, File Inclusion, Command Injection, and more.
Launch DVWAOWASP Juice Shop
Modern insecure web application covering the OWASP Top 10 and more.
Admin: admin@juice-sh.op / admin123
User: Create your own account
60+ challenges including XSS, SQLi, XXE, insecure deserialization, and broken auth.
Launch Juice ShopEnvironment Info
- ✓ Environments reset every hour (at :00)
- ✓ Your progress will be lost on reset
- ✓ All requests are logged
- ✗ Do not attack other systems from here
- ✗ Do not upload malware or illegal content