Hackazon (Rapid7) migrated from PHP 5.4/PHPixie to PHP 8.4/Laravel 13 — intentionally vulnerable app for security training
Educational Azure vulnerability lab for penetration testing practice, red team training, and cybersecurity education. Vulnerable-by-design cloud infrastructure with Terraform automation.
🛡️ Demo: Microsoft Defender for Cloud & GitHub Advanced Security (GHAS) integration - End-to-end vulnerability detection from code to cloud
Vulnerable lab environment for PentestAI - 30+ intentionally vulnerable services for penetration testing practice
Browser-based MCP CTF — OAuth token confusion and session isolation failure (CVE-2025-49596 pattern). DevTools only.
Public, intentionally-vulnerable + hardened demo MCP server for testing mcpscanner. /error (Grade F), /success (Grade A), /random.
"A deliberately vulnerable AI banking assistant. Built to be broken."
Vulnerable-by-design MCP server for learning object-level / cross-tenant authorization (BOLA/IDOR) bugs + a hunt checklist
Intentionally-vulnerable multi-tenant document API for AI security evaluation.
Intentionally vulnerable PHP social-network sandbox for hands-on web-security research.
A complete, containerized Linux Privilege Escalation training laboratory featuring 15 distinct local privilege escalation vectors running purely in Docker.
Replay TeamPCP's supply chain kill chain: CI/CD compromise → AWS post-exploitation. Hands-on lab with real AWS infrastructure.
Add a description, image, and links to the vulnerable-by-design topic page so that developers can more easily learn about it.
To associate your repository with the vulnerable-by-design topic, visit your repo's landing page and select "manage topics."