(opens in new window)

OWASP Vulnerable Web Applications Directory

An OWASP production project

A comprehensive registry of known vulnerable web and mobile applications for legal security testing and training.

OWASP Damn Vulnerable Web Sockets (DVWS)

Deliberately vulnerable web application using Web Sockets for client-server communication. PHP with Ratchet, MySQL backend. Test web socket testing skills and tools (e.g. OWASP ZAP, Burp Suite). Covers PHP code injection, SSTI, CORS, session issues, XSS, SQLi, file inclusion, CSRF, command execution, brute force. MIT License.

Collections offline
Technology PHP HTML JavaScript WebSockets Ratchet MySQL
Categories Free-form Single-player
Author Abhineet Jayaraj (@xploresec)
Stars 361 stars
Last contribution Dec 19, 2025 < 6mo
Link Download

Notes

Code and setup: github.com/interference-security/DVWS. Ratchet and ReactPHP-MySQL packaged; Apache + PHP + MySQL required.

← Back to directory