🌐
SourceForge
sourceforge.net › projects › owaspbwa
OWASP Broken Web Applications Project download | SourceForge.net
Download OWASP Broken Web Applications Project for free. Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.
Home
SourceForge is the complete software discovery platform. SourceForge is the largest B2B software review and comparison site in the world, and features the largest business software directory, as well as free & fast open source software downloads and development.
Login
You seem to have CSS turned off. Please don't fill out this field
Create
Host your new project, distribute existing releases, or choose the individual features that fit your needs. See all the possibilities here · Our free, managed, global mirror network provides a better experience for your downloaders. And you get access to download statistics to find out who ...
Business Software
Compare the best business software of 2026 for your company or organization. Find the highest rated business software pricing, reviews, free demos, trials, and more.
🌐
VulnHub
vulnhub.com › entry › owasp-broken-web-applications-project-12,46
OWASP Broken Web Applications Project: 1.2 ~ VulnHub
Download: http://sourceforge.net/projects/owaspbwa/files/1.2/OWASP_Broken_Web_Apps_VM_1.2.7z/download
🌐
SourceForge
sourceforge.net › home › open source software › owasp broken web applications project
Download OWASP_Broken_Web_Apps_VM_1.2.ova (OWASP Broken Web Applications Project)
× Problems Downloading? OWASP_Broken_Web_Apps_VM_1.2.ova · Scanned for malware ✔ · Mirror Provided by · Learn more about Gigenet ·
🌐
Google Code
code.google.com › archive › p › owaspbwa
Google Code Archive - Long-term storage for Google Code Project Hosting.
Archive · Skip to content · The Google Code Archive requires JavaScript to be enabled in your browser · Google · About Google · Privacy · Terms
🌐
Reddit
reddit.com › r/oraclevmvirtualbox › how to install owasp broken web apps in virtualbox
r/OracleVMVirtualBox on Reddit: how to install owasp broken web apps in virtualbox
March 15, 2023 -

Ha! As a developer, you already know how vital it is to keep your coding practices on the down-low. But did you know about OWASP? It's this project called Open Web Application Security Project, and it's a collection of vulnerable web apps that allows you to test your shoddy skills in web application security. But, how do you start, you may ask? Well, you need a virtual environment to host these flimsy applications, and we will show you how to set it up using VirtualBox!

But hey, what in the name of Bob is VirtualBox? VirtualBox, baby, is a free, open-source program that enables you to run a bloat of overhyped operating systems on just one machine! Using VirtualBox, you can develop virtual machines or pretend computers - because, hey, we all love to pretend (sometimes it's better than reality). These virtual machines are just like real machines, with hardware, and storage but with a twist, they're not real!!

Before you get started with OWASP Broken Web Apps, you'll need to make sure that you have the following requirements:

-A computer with some pretty meager demands:

Processor: 1 GHz or faster (just a measly one GHz!!) RAM: 2 GB or more (bare minimum, we know, but you get what you pay for!) Storage: 20 GB or more (for your, ahem, secure applications!)

-A stable internet connection (you know how to get that!) -VirtualBox obtained and installed from https://www.virtualbox.org/wiki/Downloads -An OWASP Broken Web Apps virtual machine. You can snag the OVA file from https://sourceforge.net/projects/owaspbwa/files/latest/download

Now that you have all the necessary requirements, let's hop straight into it!

Step one, we'll be Installing the OWASP Broken Web Apps virtual machine into VirtualBox. First, let's open VirtualBox on your computer and select the "File" menu, clicking on the "Import Appliance" option. Next, press on the "Choose File" button and select the OWASP Broken Web Apps OVA file that you downloaded. You can review the settings and adjust any specifics based on what your computer can handle. All that's left to do is to hit "Import'' and wait patiently for a few minutes (depending on whether your computer's a turtle or not!).

Now that you've done that, we'll move on to step two, configuring network settings. Within the VirtualBox application, select the "Settings" button for the OWASP Broken Web Apps virtual machine and click on the "Network" tab from the left-hand menu. Next, underneath the "Attached to" drop-down menu, select "Bridged Adapter" and press the "OK" button to apply your changes.

Now on to the final step, starting and accessing the OWASP Broken Web Apps virtual machine! Select the OWASP Broken Web Apps virtual machine within the VirtualBox application, then click on the "Start" button; once done, log in using the preconfigured username and password (both of which are "owaspbwa"). Afterward, open up a web browser from within the virtual machine and navigate to the OWASP Broken Web Apps homepage by typing "http://localhost.''

A little tip before we conclude, you can access the OWASP Broken Web Apps virtual machine by opening a browser and modifying the virtual machine's IP address. To find the IP address, launch the virtual machine, open up a terminal window within the virtual machine, and type "ifconfig" (without quotes). Look for the IP address next to "inet addr."

Well done, you've successfully installed OWASP Broken Web Apps in VirtualBox, giving you the chance to scrutinize your know-how in web application security! By simulating real-world vulnerabilities, you can test and learn about common security issues, and with the straightforward steps outlined in this article, you can create a stable and secure virtual environment to run the OWASP Broken Web Apps application! Happy hacking!

🌐
GitHub
github.com › chuckfw › owaspbwa
GitHub - chuckfw/owaspbwa: OWASP Broken Web Applications Project · GitHub
Led by Chuck Willis (chuck (at) securityfoundry (dot) com) and sponsored by Mandiant, a FireEye Company. Version 1.2 of the VM was released on August 3, 2015. Download from http://sourceforge.net/projects/owaspbwa/files/.
Starred by 310 users
Forked by 124 users
Languages   PHP 73.3% | Smarty 5.9% | CSS 4.9% | Java 4.1% | JavaScript 3.3% | Ruby 3.1%
🌐
Hezronchacha
hezronchacha.com › setting-up-web-security-learning-lab-how-to-install-owasp-broken-web-application-in-virtualbox
Setting Up Web Security Learning Lab : How to install Owasp broken web application in VirtualBox – Hezron Munge Chacha
December 2, 2023 - To set up the OWASP-BWA image, the following steps need to be undertaken: Download the latest version of OWASP-BWA in compressed form from https://sourceforge.net/projects/owaspbwa/
🌐
GitHub
github.com › chuckfw › owaspbwa › wiki › UserGuide
UserGuide
Download from http://sourceforge.net/projects/owaspbwa/files/.
Author   chuckfw
🌐
YouTube
youtube.com › watch
Owasp BWA setup and download ova - YouTube
In this video, we show how to download the OWASP Broken Web Applications (BWA) OVA file and set it up in a virtual environment for practicing web application...
Published   January 29, 2026
Find elsewhere
🌐
SourceForge
sourceforge.net › home › open source software › owasp broken web applications project › files
OWASP Broken Web Applications Project - Browse Files at SourceForge.net
Download Latest Version OWASP_Broken_Web_Apps_VM_1.2.7z (1.8 GB) Home · Other Useful Business Software · $300 Free Credits for Your Google Cloud Projects · Start building on Google Cloud with $300 in free credits. No commitment, no credit card required until you're ready to scale.
🌐
chuckatsf
owasp-broken-web-applications-project.soft112.com
OWASP Broken Web Applications Project... Free Download
How to install OWASP Broken Web Applications Project on your Windows device: Click on the Download button on our website.
🌐
OWASP
owasp.org › www-project-vulnerable-web-applications-directory
OWASP Vulnerable Web Applications Directory | OWASP Foundation
The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available for legal security and vulnerability testing of various kinds.
🌐
DevCentral
community.f5.com › devcentral › articles › technical articles
OWASP Resources for Security Education and Training | DevCentral
July 8, 2024 - However, I think this is still useful — because the attack page is categorized by the OWASP Top10 methodology and easy to hack so that’s useful for the beginner’s education. The OWASP BWA has been removed from the official page, but you can still download the images from Source Forge. .ova and .zip files are available.
🌐
O'Reilly
oreilly.com › library › view › kali-linux-web › 9781784392918 › ch01s06.html
Creating a vulnerable virtual machine - Kali Linux Web Penetration Testing Cookbook [Book]
February 29, 2016 - Go to http://sourceforge.net/projects/owaspbwa/files/ and download the latest release's .ova file.
Author   Gilberto Najera-Gutierrez
Published   2016
Pages   296
🌐
CSO Online
csoonline.com › home › security › network security
Learn to play defense by hacking these broken web apps | CSO Online
November 9, 2018 - A common, free setup looks something like this: Download and install VirtualBox, and then download the OWASP Broken Web Applications VM (.ova file). Import the .ova, and make sure that networking is set to ...
🌐
GitHub
github.com › refabr1k › owasp-bwa-solutions
GitHub - refabr1k/owasp-bwa-solutions: OWASP Broken Web Application solutions · GitHub
Download from VM https://sourceforge.net/projects/owaspbwa/files/1.2/
Starred by 7 users
Forked by 12 users
🌐
SourceForge
sourceforge.net › home › open source software › owasp broken web applications project › files
OWASP Broken Web Applications Project - Browse /1.2 at SourceForge.net
Release notes for the Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products. More information about the project can be found at http://www.owaspbwa.org/. The VM can be downloaded as a .zip file or as a much smaller .7z 7-zip Archive.