The focus of vulnerable web application is to educate the people about security flaws in web application. SQL injection, file injection, cross-site scripting, code injection, and request forgery are threats which could have high impact.
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. The main goals of DVWA are to be an aid for security professionals to test their skills and tools. It should help web developers to better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class.
Or a buggy web application is a web application build to allow security enthusiasts, students, and developers to better secure web applications. bWAPP prepares to conduct successful penetration testing and ethical hacking projects.
A platform to learn about SQL injection (SQLI). The labs are covering a wide range of injections (Union select, blind, update query, insert query, etc.).
A configurable SQL injection environment. SQLol allows to exploit SQL injection flaws, but furthermore allows a large amount of control over the manifestation of the flaw.
The OWASP Hackademic Challenges is an open source project that can be used to test and improve one’s knowledge of web application security.
XSSeducation is a set of Cross Site Scripting vulnerable PHP pages for learning about XSS Vulnerabilities.