In my spare time I teach computer security topics at a local university. One of the activities that my students enjoy is application security assessment and vulnerability detection.
I searched for applications that supported the largest possible number of vulnerabilities. As a result of that research, I began to work with the following applications:
- Damn Vulnerable Web App: It has brute force, command execution, file inclusion, SQL injection, blind SQL injection, upload, reflected XSS and stored XSS modules.
- Mutillidae: Version 1.5 has modules that implement the OWASP 2010 Top-10.