OWASP BWA is a project aimed at providing security professionals and enthusiasts with a safe environment to develop attacking skills and identify and exploit vulnerabilities in web applications, in order to be able to help developers and administrators fix and prevent them.

This virtual machine includes different types of web applications; some of them are based
on PHP, some in Java. We even have a couple of .NET-based vulnerable applications. There
are also some vulnerable versions of known applications, such as WordPress or Joomla.