Labs – Web Applications

HackThisSite!
A legal and safe network security resource where users test their hacking skills on various challenges and learn about hacking and web application security. The site includes application challenges where the aim is to extract a key from an application, usually involving some form of reverse-engineering – https://www.hackthissite.org/

Exploit Database
An archive of exploits and vulnerable software used by penetration testers, vulnerability researchers, and those just interested in security. Very useful when wanting to find an exploit that will specifically take advantage of a vulnerability in the system that you are attacking – http://www.exploit-db.com

A guide to how to use the database can be found here – http://null-byte.wonderhowto.com/how-to/hack-like-pro-find-exploits-using-exploit-database-kali-0156399/

Gruyere
A piece of software that has been designed by Google to have as many security holes as possible. In doing so it shows how web application vulnerabilities can be exploited and how to defend against these attacks. Gruyere has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution – http://google-gruyere.appspot.com/part1 –

Other useful sites