_               ____                  _ ____  
   / \   _ __  _ __/ ___|  ___  ___      | |  _ \ 
  / _ \ | '_ \| '_ \___ \ / _ \/ __|  _  | | |_) |
 / ___ \| |_) | |_) |__) |  __/ (__  | |_| |  __/ 
/_/   \_\ .__/| .__/____/ \___|\___|  \___/|_|    
        |_|   |_|                                  
    

I created these vulnerable applications, to be used as a parameter on SAST tools evaluations.

Vulnerable Apps:

C# - Github

Angular - Github

Golang - Github

PHP - Github

Ruby - Github

Rust - Github

Scala - Github

PHP Lab

LAB #1 - XSS on PHP

Backend: PHP

Server: Ngnix

Host: Digital Ocean

Vulnerabilities

• XSS
• Comming soon...

To do:

Cookie Security

Local/Session storage

Security Headers

Unsafe use of target blank

About Me

You know this will alert()