Authentication, authorization and session management issues
Arbitrary file access and directory traversals
Local and remote file inclusions (LFI/RFI)
Server Side Request Forgery (SSRF)
XML External Entity Attacks (XXE)
Heartbleed vulnerability (OpenSSL)
Shellshock vulnerability (CGI)
Drupal SQL injection (Drupageddon)
Configuration issues: Man-in-the-Middle, cross-domain policy file, information disclosures, ...
HTTP parameter pollution and HTTP response splitting
Denial-of-Service (DoS) attacks
HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues
Unvalidated redirects and forwards
Parameter tampering
PHP-CGI vulnerability
Insecure cryptographic storage
AJAX and Web Services issues (JSON/XML/SOAP)
Cookie and password reset poisoning
Insecure FTP, SNMP and WebDAV configurations
and much more...
bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux and Windows using Apache/IIS and MySQL. It can be installed with WAMP or XAMPP.
It's also possible to download our bee-box, a custom VM pre-installed with bWAPP.
This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education.
IT security, ethical hacking, training and fun... all mixed together.