OWASP Lab

Welcome to OWASP Lab, an educational web application designed to encourage secure development and demonstrate common web vulnerabilities in a hands-on environment.

This application has two sections:

1. Secure

In the secure section, users can:

  • Explore the app’s functionality safely.
  • Pick a poll, vote, and view aggregated results, including their own.
  • Understand best practices for building secure web applications.

2. Vulnerable

The vulnerable section introduces common web vulnerabilities inspired by the OWASP Top 10 — the ten most critical security risks identified by the Open Web Application Security Project (OWASP). Here, users can:

  • Interact with deliberately vulnerable features.
  • Observe the impact of attacks such as SQL Injection, XSS, and IDOR, among others.
  • Access clear explanations of each vulnerability.
  • Learn practical strategies to mitigate these risks.
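
As an added illustration of the IDOR item above (example code written for this README, not taken from the OWASP Lab project; the Vote model, the VOTES table and the function names are assumptions), a vote-lookup that trusts the client-supplied id, beside the hardened version that enforces object-level authorization, and the aggregated poll results that are safe to show to everyone. In Django the hardened lookup corresponds to filtering the queryset by the requesting user, e.g. get_object_or_404(Vote, pk=vote_id, user=request.user), assuming a `user` field on the model.

```python
# Added example, not part of the OWASP Lab code base. The data model below is a
# constructed stand-in for the database so the snippet runs offline.
from dataclasses import dataclass


@dataclass(frozen=True)
class Vote:
    vote_id: int
    poll_id: int
    username: str   # who cast the vote
    choice: str


# Constructed sample rows: demo_user and a second user voted in poll 10.
VOTES = {
    1: Vote(1, 10, "demo_user", "Python"),
    2: Vote(2, 10, "other_user", "Go"),
}


class Forbidden(Exception):
    """Raised when a user asks for an object that is not theirs (or does not exist)."""


def vote_detail_vulnerable(current_user: str, vote_id: int) -> Vote:
    """IDOR: the id from the URL is trusted, so any logged-in user reads any vote."""
    return VOTES[vote_id]


def vote_detail_secure(current_user: str, vote_id: int) -> Vote:
    """Object-level authorization: the vote must belong to the requesting user."""
    vote = VOTES.get(vote_id)
    if vote is None or vote.username != current_user:
        # One response for "missing" and "not yours", so valid ids cannot be probed.
        raise Forbidden("vote not found")
    return vote


def can_access(current_user: str, vote_id: int) -> bool:
    """Convenience wrapper: True if the hardened lookup grants access."""
    try:
        vote_detail_secure(current_user, vote_id)
        return True
    except Forbidden:
        return False


def poll_results(poll_id: int) -> dict:
    """Aggregated counts reveal no individual vote and can be shown to every voter."""
    counts: dict = {}
    for v in VOTES.values():
        if v.poll_id == poll_id:
            counts[v.choice] = counts.get(v.choice, 0) + 1
    return counts
```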

Environment Notes
  • Auto-login: Users are automatically logged in as demo_user for convenience.
  • Auto-signoff: Users are automatically logged out after a period of inactivity.
  • Safe experimentation: The environment is intentionally vulnerable for educational purposes only.
  • Disclaimer: This app is for learning and demonstration. Do NOT expose the vulnerable section to sensitive data.

Technology Stack
  • Backend: Django (Python)
  • Frontend: Bootstrap 5, HTML, CSS, JS
  • Database: PostgreSQL
  • Security Focus: OWASP Top 10, secure coding practices

Get Involved

Contributions, suggestions, collaboration, and discussions are welcome.