https://github.com/shieldfy/avwa
Advanced Vulnerable Web Application (AVWA)
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/shieldfy/avwa
- Owner: shieldfy
- License: mit
- Created: 2017-06-10T01:46:02.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2017-06-10T02:09:26.000Z (over 8 years ago)
- Last Synced: 2025-01-29T15:34:15.343Z (11 months ago)
- Size: 1000 Bytes
- Stars: 14
- Watchers: 11
- Forks: 2
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Advanced Vulnerable Web Application (AVWA)
Advanced Vulnerable Web Application (AVWA) is a very vulnerable web application focused on modern advanced vulnerabilities.
The main goal is to be an aid for security professionals, pentesters and web developers to test their security skills in a legal environment and learn about new vulnerabilities and exploits in today's world.
# WARNING!
Advanced Vulnerable Web Application is not safe! **Do not upload it to your hosting provider's public html folder or any Internet facing servers**, as they will be compromised.
# Roadmap
We want it to cover all modern vulnerabilities, including but not limited to:
- [ ] API Security (JWT Security, OAuth Flows, etc.)
- [ ] CRLF / Header Injection
- [ ] Advanced XSS (CSP bypass, Cross Origin issues, etc.)
- [ ] XXE
- [ ] Object Injection / Use After Free Vulnerabilities
- [ ] Template Injection RCE
- [ ] Advanced SQL Injection (2nd order, error based, blind SQLI)
- [ ] ReDoS attack / Format String Attack
- [ ] Server Side Request Forgery (SSRF)
## Inspiration
Highly inspired by vulnerable web applications for pentesters (DVWA, WebGoat, etc.)
## Contributions
AVWA is at a very early stage. All ideas are welcome: just open an issue in this repo with the prefix [IDEA], and we will discuss it in public to implement it, or drop us an email at opensource@shieldfy.io