The most common question from students who are learning website hacking techniques is "how to test my skills legally without getting into trouble?". So, I always suggest that they use a vulnerable web application such as DVWA.
However, I felt DVWA is not suitable for new and advanced techniques. Mutillidae is one of the best vulnerable web applications to date. However, I missed some techniques/features in Mutillidae, so I thought it would be better to develop our own app to teach web application pentesting to my readers and students.
BTS PenTesting Lab is a vulnerable web application that allows you to learn from basic to advanced vulnerability techniques.
Currently, the app contains the following vulnerability types:
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Server-Side Request Forgery (SSRF)
- File Inclusion (RFI and LFI)
- Command Execution