What makes bWAPP, our extremely buggy web application, so unique? Well, it has over 100 web bugs!
bWAPP covers all vulnerabilities from the OWASP Top 10 project, including:
- SQL, HTML, iFrame, SSI, OS Command, PHP, XML, XPath, LDAP, Host Header and SMTP injections
- Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and Cross-Site Request Forgery (CSRF)
- AJAX and Web Services issues (jQuery/JSON/XML/SOAP/WSDL)
- Authentication, authorization and session issues, file upload flaws and backdoor files
- Arbitrary file access, directory traversals, local and remote file inclusions (LFI/RFI)
- Configuration issues: Man-in-the-Middle, cross-domain policy files, information disclosures,...
- HTTP parameter pollution, HTTP response splitting and HTTP verb tampering
- Insecure DistCC, FTP, NTP, Samba, SNMP, VNC and WebDAV configurations
- HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
- XML External Entity attacks (XXE) and Server Side Request Forgery (SSRF)
- Heartbleed and Shellshock vulnerability (OpenSSL), Denial-of-Service (DoS) attacks
- Parameter tampering, cookie and password reset poisoning