InsecureWebApp

InsecureWebApp is a web app that includes common web application vulnerabilities including SQL&Html Injection- see owasp.org. It is a target for automated and manual penetration testing, source code analysis, vulnerability assessments and threat modeling.

Project Samples

Report servlet vulnerable to html-injection (xss)

After updating the user table, the hacker logs in

Using the forgot-password form to become the administrator

Reviewing source code for vulnerabilities

The product listing page can list login information too

Project Activity

See All Activity >

License

Apache License V2.0

Follow InsecureWebApp

InsecureWebApp Web Site

Other Useful Business Software

Run Any Workload on Compute Engine VMs

From dev environments to AI training, choose preset or custom VMs with 1–96 vCPUs and industry-leading 99.95% uptime SLA.

Compute Engine delivers high-performance virtual machines for web apps, databases, containers, and AI workloads. Choose from general-purpose, compute-optimized, or GPU/TPU-accelerated machine types—or build custom VMs to match your exact specs. With live migration and automatic failover, your workloads stay online. New customers get $300 in free credits.

Try Compute Engine

Rate This Project

User Reviews

Be the first to post a review of InsecureWebApp!

Additional Project Details

Languages

English

Intended Audience

Developers

User Interface

Web-based

Programming Language

Java

Database Environment

JDBC

Related Categories

Java Security Software, Java Internet Software, Java Education Software, Java Penetration Testing Tool

Registered

2005-03-31

Similar Business Software

Aikido Security

Secure your code, cloud, and runtime in one central system. Aikido’s all-in-one security platform is loved by developers and security teams alike with full security visibility, insight in what matters most, and fast/automatic vulnerability fixes. Teams get security done with Aikido thanks...

See Software
ManageEngine Endpoint Central

ManageEngine Endpoint Central is built to secure the digital workplace while also giving IT teams complete control over their enterprise endpoints. It delivers a security-first approach by combining advanced endpoint protection with comprehensive management, allowing IT teams to manage the...

See Software
Astra Pentest

Astra’s Pentest is a comprehensive penetration testing solution with an intelligent automated vulnerability scanner coupled with in-depth manual pentesting. On top of 10000+ tests including security checks for all CVEs mentioned in the OWASP top 10, and SANS 25, the automated scanner also...

See Software
Parasoft

Parasoft helps organizations continuously deliver high-quality software with its AI-powered software testing platform and automated test solutions. Supporting embedded and enterprise markets, Parasoft’s proven technologies reduce the time, effort, and cost of delivering secure, reliable, and...

See Software
ZeroPath

ZeroPath (YC S24) is an AI-native application security platform that delivers comprehensive code protection beyond traditional SAST. Founded by security engineers from Tesla and Google, ZeroPath combines large language models with advanced program analysis to find and automatically fix...

See Software
CMW Platform

Low-code BPMS, helps mid-size and large companies automate, and improve business processes while staying aligned with enterprise architecture and IT policies. Business and IT teams can quickly build and adapt workflows without deep coding skills. BPM suite supports common use cases like CapEx...

See Software