OWASP Practice is a virtual environment to help people who want to begin their journey into web application security. Lots of material including videos are available on the Internet, both for free and for a fee, that teach web application security in a good manner. But this project has been started for the sole purpose of helping people to understand the basics behind a vulnerability and gradually moving forward. OWASP Practice contains a learning environment which helps to understand why and how a vulnerability is triggered. This project or any other project alone cannot help anyone master everything. It just our contribution to the community. We were all beginners in this field at some point of time, and still we are in a continuous learning phase. We hope this project helps the community.

Coming back to “OWASP Practice”: OWASP has released a list of top 10 vulnerabilities. The “OWASP Top 10 Web Application Vulnerabilities 2013″ is one of the most popular projects by OWASP. The project starts with explaining every vulnerability in as easy words as possible, along with vulnerable demo applications and videos demonstrating the vulnerability in action.

A few things that might come handy are:

  • Mozilla Firefox
  • Firefox Addons
  • Firebug
  • Live HTTP Headers
  • Tamper Data
  • User-Agent Switcher
  • Cookie Manager+
  • BurpSuite

Downloads include:

  1. OwaspPractice Virtual Machine
  2. OwaspPractice Source Code and SQL file
  3. OwaspPractice Vulnerability Demo Videos

User Credentials

Local User Accounts

Username: root
Password: toor
Username: owasppractice
Password: owasppractice


Username: root

Joomla Administrator:

Username: admin
Password: admin