In my spare time I teach computer security topics at a local university. One of the activities that my students enjoy is the teaching of application security assessment and vulnerability detection.
I searched for the applications that supported the largest possible number of vulnerabilities. As a result of the research, I began to work with the following applications:
Damn Vulnerable Web App: It has brute force, command execution, file inclusion, SQL Injection, blind SQL Injection, upload, XSS reflected and XSS stored modules.
Mutillidae: Version 1.5 has modules that implement the OWASP 2010 Top-10.
Do you have any other interesting vulnerability playground to share with us? Let us know.
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.