Google's XSS game - In this training program, you will learn to find and exploit XSS bugs.Google Gruyere - Web Application Exploits and Defenses - a small, cheesy web application that allows its users to publish snippets of text and store assorted files.Browser Security Handbook - By Michal Zalewski.Here's a part of it: Web Application Security I've been trying to maintain a list of useful resources for Security Enthusiasts on my personal website. And these keywords are "damn vulnerable". VirtualBox) and is a lot more flexible than an online target it will teach you more since you can modify it and reset it at will.Īll these resources are subject to obsolescence, modification and replacement, so the important point of this answer is to give the correct keywords for searching.
PRACTICE HACKING SITES FOR FREE
These are not "online machines" for you to hack, but you can download them and install them on a virtual machine on your own computer, which can be done for free (there are good free VM solutions, e.g. There also used to be a full OS called Damn Vulnerable Linux it is apparently discontinued (though of course lack of security patches was the point of it) but this question discusses replacements.
![practice hacking sites practice hacking sites](https://media.cheggcdn.com/study/ecf/ecffb78a-9b34-456e-9e08-3c5e9d2b7256/image.png)
One of them is Damn Vulnerable Web App, which is, you guessed it, a damn vulnerable Web app. Depending on what you call "online", a simple Google search on "damn vulnerable" will reveal the existence of freely downloadable applications of even full OS, meant for, indeed, learning all the ways software can be horribly vulnerable.