WABANK is a deliberately vulnerable web application for security testing, built around the OWASP Top 10 report. The application is free for non-commercial use only.
An alpha version is available: WABANK 1.0.beta.zip (472 downloads)
How to start?
- Download the zip and extract it (Hackerlab-WABANK-1-0-alpha.zip).
- Follow the installation steps in README.TXT for Debian/Ubuntu Linux.
- Log in with the credentials admin/admin to get access to the “debug panel”.
- Use OWASP ZAP or Burp Suite for vulnerability testing.
OWASP Top 10
The WABANK application contains the following vulnerabilities from the OWASP Top 10:
- A2-Broken Authentication and Session Management
- A4-Insecure Direct Object References
- A6-Sensitive Data Exposure
- A7-Missing Function Level Access Control
- A9-Using Known Vulnerable Components
- A10-Unvalidated Redirects and Forwards