OWASP_Broken_Web_Apps_VM_1.1 released - collection of vulnerable web applications on Virtual Machine

Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.

Features

OWASP
Virtual Machine
Vulnerable Web Apps

More information about the project can be found at http://www.owaspbwa.org/ The VM can be downloaded as a .zip file or as a much smaller .7z 7-zip Archive. BOTH FILES CONTAIN THE EXACT SAME VM! We recommend that you download the .7z archive if possible to save bandwidth (and time). 7-zip is available for Windows, Mac, Linux, and other Operating Systems. !!! This VM has many serious security issues. We strongly recommend that you run it only on the "host only" or "NAT" network in the virtual machine settings !!!

Download OWASP_Broken_Web_Apps_VM_1.1.7z (1.3 GB)

Download other versions

Version 1.1 - 2013-07-30 - Updated Mutillidae, Cyclone, and WAVSEP - Updated OWASP Bricks and configured it to pull from SVN - Fixed ModSecurity CRS blocking and rebuilt ModSecurity to include Lua support - Increased VM's RAM allocation to 1Gb - Set Tomcat to run as root (to allow some traversal issues tested by WAVSEP) - Updated landing page for OWASP 1-Liner to reflect that the application is not fully functional

Source-

http://sourceforge.net/projects/owaspbwa