Hello! My name is Manuel Santander. I teach at local Universities courses about web application security. I prefer to teach my students in a practical way, where they are able to interact with specific cases, learn the vulnerabilities and perform asessments.  There were not that many alternatives for virtual appliances that covers what I wanted to teach, so I decided to mount my own appliance. Last version is an Ubuntu 22.04 server appliance, which includes the following applications:

• Running on port 80:
  
• bWAPP
• Damn Vulnerable Web Application
• OWASP Hackademic
• OWASP Mutillidae
• Running on port 81:
• Hackazon
• Running on port 82:
• Conviso Vulnerable Web App
• Running on port 83:
• Generic University
• Running on port 3000:
• OWASP Juice Shop
• Running on port 9000:
• Authlab

• Running on port 80:
  
• bWAPP
• Bricks
• Damn Vulnerable Web Application
• OWASP Hackademic
• Peruggia
• NOWASP Mutillidae
• Running on port 81:
• Wacko Picko
• Running on port 82:
• NTObjectives Hackazon
• Running on port 8080:
  
• WebGoat
• BodgeIT

To login into the virtual machine: use the following information:

• Login: va
• Password: vulnerablewebapps

The authentication information for the mysql database is:

• Login: root
• Password: vulnerablewebapps
  

The VMWare appliance can be downloaded from http://sourceforge.net/projects/vapps/files/. You will find the VMWare VM Appliance (vapps.7z) and the OVA file to be used with virtualbox (Vulnerable Web Apps.ova).

This virtual machine should not be ever placed in production environments as it contains lots of vulnerable web applications. The license for this project is GNU and so it comes with absolutely NO WARRANTY and no support.