WebGoat VS DVWA

Compare WebGoat vs DVWA and see what are their differences.

WebGoat

WebGoat is a deliberately insecure application (by WebGoat)

DVWA

Damn Vulnerable Web Application (DVWA) (by ethicalhack3r)
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
WebGoat DVWA
40 35
6,431 9,151
2.9% -
8.7 7.7
7 days ago 15 days ago
JavaScript PHP
GNU General Public License v3.0 or later GNU General Public License v3.0 only
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

WebGoat

Posts with mentions or reviews of WebGoat. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-01-02.

DVWA

Posts with mentions or reviews of DVWA. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-11-15.

What are some alternatives?

When comparing WebGoat and DVWA you can also consider the following projects:

juice-shop - OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

mutillidae - OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets.

vulnerable-AD - Create a vulnerable active directory that's allowing you to test most of the active directory attacks in a local lab

kubernetes-goat - Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices

Vulnerable-Web-Application - OWASP Vulnerable Web Application Project https://github.com/hummingbirdscyber

PHP SSH - An experimental object oriented SSH api in PHP

PHPSecLib - PHP Secure Communications Library

Lightning-Network - List of Lightning Network technical issues, bugs, flaws, and exploits.

language-detection - A language detection library for PHP. Detects the language from a given text string.

CyberChef - The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis

wrongsecrets - Vulnerable app with examples showing how to not use secrets