(opens in new window)

OWASP Vulnerable Web Applications Directory

An OWASP production project

A comprehensive registry of known vulnerable web and mobile applications for legal security testing and training.

Vulnerable Java Web Application

Vulnerable web application by Cyber Security and Privacy Foundation (CSPF) for Java programmers and others to learn web application vulnerabilities and secure coding. Full course on GitHub and Udemy.

Collections offline
Technology Java Tomcat MySQL
Categories Free-form Single-player
Author Cyber Security and Privacy Foundation
Stars 277 stars
Last contribution May 10, 2026 < 6mo
Link

Notes

Do not run on main machine or online server; use a VM. Docker: docker-compose up then http://localhost:8080/JavaVulnerableLab/install.jsp (set JDBC to jdbc:mysql://mysql:3306). Or VirtualBox OVA, JAR, or WAR deploy.

← Back to directory