DVWA - Damn Vulnerable Web Application : Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to t...
Wapiti : Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the applica...
Nikto2 : Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potent...
Arora : Arora is a lightweight cross-platform web browser. It's free (as in free speech and free beer). Arora runs on Linux, embedded Linux, FreeBSD, Mac OS X...
OWASP : The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software.
A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag'.