30 open-source projects similar to hackademic/hackademic, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Hackademic alternative.
sqli-labs is a collection of intentionally vulnerable web applications and sandbox environments designed for practicing the identification and exploitation of SQL injection vulnerabilities. It serves as a cybersecurity education lab where users can experiment with database exploits in a controlled setting. The environment provides specialized modules for testing a wide range of attack vectors, including error-based, boolean-blind, and time-based injections. It specifically covers advanced techniques such as second-order injections, stacked queries, and attacks targeting HTTP headers. The pro
Damn Vulnerable Web Services is an insecure web application with multiple vulnerable web service components that can be used to learn real world web service vulnerabilities. NOTE: This project is out of date, please use https://github.com/snoopysecurity/dvws-node
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
WebGoat is a deliberately insecure web application designed as an interactive security lab for learning how to identify and exploit common web vulnerabilities. It serves as a containerized sandbox that allows for the simulation and experimentation of web-based attacks and penetration testing techniques without risking production systems. The project functions as a learning lab that maps specific insecure coding patterns to structured lessons. It implements simulated server-side flaws to provide a hands-on environment for studying common security vulnerabilities and defensive coding practices.
A deliberately vulnerable CI/CD environment. Learn CI/CD security through multiple challenges.
A collection of web pages, vulnerable to command injection flaws
A very vulnerable web site written in NodeJS with the purpose of have a project with identified vulnerabilities to test the quality of security analyzers tools tools
Vulnerable Java based Web Application
DefectDojo is a vulnerability management system and application security orchestration tool. It serves as a centralized platform for importing, deduplicating, and tracking security findings from multiple scanners and tools to manage an organization's overall security posture. The system distinguishes itself by aggregating findings from various security tools into a single report and normalizing that data to prioritize remediation. It provides specific workflows for vulnerability triage and deduplication to reduce noise and redundant manual work across the software development lifecycle. The
DVWA is a vulnerable web application lab and penetration testing sandbox designed to simulate common security flaws. It serves as a training platform for the OWASP Top 10 security risks and functions as a PHP and MySQL security lab for practicing the identification and exploitation of web vulnerabilities. The project provides a graduated learning experience through configurable security levels that adjust the difficulty of the vulnerabilities. It also supports switching between different database engines to research how various storage systems respond to injection attacks. The application is
Vulnerable Android application for developers and security enthusiasts to learn about Android insecurities
DVWA is a vulnerable web application sandbox and PHP security training environment. It serves as a deployable penetration testing target and an OWASP Top 10 lab designed for practicing exploits and simulating common web security vulnerabilities. The application allows users to adjust security difficulty levels to match their skill level and toggle between different SQL database engines to test how various systems handle injection attacks. It includes a mechanism to disable authentication, enabling automated security tools to interact directly with the environment. The project provides capabi
Lab set-up for learning SQL Injection Techniques
OWSAP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
This project is no longer maintained OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security. GoatDroid requires minimal dependencies and is ideal for both Android beginners as well as more advanced users. The project currently includes two applications: FourGoats, a location-based social network, and Herd Financial, a mobile banking application. There are also several feature that greatly simplify usage within a training environment or for absolute beginners who want a good introduction to working with the Androi
Vuldroid is a Vulnerable Android Application made with security issues in order to demonstrate how they can occur in code
Juice Shop is a self-contained web application designed as a platform for cybersecurity education and security training. It functions as a controlled environment containing intentional security flaws, allowing users to practice offensive security techniques and defensive coding practices while tracking their progress through a live scoreboard. The platform serves as an industry-standard benchmark for evaluating the effectiveness and detection accuracy of automated security scanning tools. By hosting a standardized set of known vulnerabilities and common attack patterns, it provides a reliable
Security training for the apps you actually ship. Open your browser and start hacking.
Kubernetes Goat is a security training environment designed for practicing the identification and exploitation of common vulnerabilities within an intentionally insecure cluster. It provides a controlled setting to simulate system exploitations, including container escapes, role misconfigurations, and server-side requests. The project utilizes scenario-based vulnerability deployment to create specific security flaws. It includes utilities for environment management that allow the cluster to be restored to a clean baseline by removing vulnerable scenarios, service accounts, and role bindings.
The Internet is a dangerous place, filled with evildoers out to attack your code for fun or profit, so it's not enough to just ship your awesome new web app--you have to take the security of your application, your users, and your data seriously. You'll get into the mindset of the bad guys as we…
An Intentionally designed Vulnerable Android Application built in Kotlin.
The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.