Find a deliberately insecure open source web application?


As a developer, I've learned that I usually gain a better understanding of best/worst practices through experience. The area of web application security isn't really somewhere where my organization can afford to let developers learn through trial and error.

So looking for a hands-on approach to knowledge sharing of best practices in web application security, I was thinking that it would be useful to have an open source application that was deliberately built to be insecure in order to help teach junior developers about application security.

Does anyone out there know where to find something like this?

Best Solution

There are online (hacking challenge / practice / fun) and offline (you got the source code) apps:

Offline:


More Realistic Demonstration

This is an old list I grabbed from somewhere; some of them can be down right now.

Challenge sort of examples

