The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.

TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into product…

OWASP Benchmark is a test suite designed to verify the speed and accuracy of software vulnerability detection tools. A fully runnable web app written in Java, it supports analysis by Static (SAST),…

completely ridiculous API (crAPI)

Building an Application with Spring Boot :: Learn how to build an application with minimal configuration.

vAPI is Vulnerable Adversely Programmed Interface which is Self-Hostable API that mimics OWASP API Top 10 scenarios through Exercises.

Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security.

Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

WebGoat is a deliberately insecure application

Damn Vulnerable Web Application (DVWA)

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

OWASP API Security Project

Sample cloud-native application with 10 microservices showcasing Kubernetes, Istio, gRPC and OpenCensus.