FREE hands-on OWASP Top 10 training Lab

  • All-in-One VM box and docker lab ready to be used.
  • Kickstart your Web Hacking journey with focused tutorials.
  • Sharpen your web hacking skills on the BEST vulnerable web applications.
  • Learn and practice the OWASP Top 10 vulnerabilities.
  • Start hacking in minutes!
  • As a bonus, you will get fresh content each week.

These are the simple steps to start your lab

Inside the lab directory that you will downloaded, there is a PDF file explaining how to use this lab. The Docker version is the recommended one, otherwise, you can follow the instructions in the video below for the VirtualBox version.

This is your BEST chance to start learning Web hacking by doing!

The hands-on OWASP Top 10 training box includes all what you need to have solid web hacking skill.

What's the content of the training lab?


OWASP WebGoat is one of the best maintained vulnerable web applications. It is written in Java, which is widely used by big companies.


OWASP Juice Shop is a modern single web application. It includes all modern technologies: Angular, NodeJs, MongoDB, etc


The VM box includes docker to help you easily install tools in the during the OWASP Top 10 training. It  includes Go to help installing hacking tools.

How to take full advantage of this free lab?

  1. Download the hacking lab using the form at the top.
  2. Read and understand the theory behind each vulnerability in the OWASP Top 10 vulnerabilities category.
  3. Watch the OWASP Top 10 training playlist.
  4. Practice the techniques in each video.
  5. Start hacking on bug bounty platforms like Hackerone to earn trust and money.
  6. Look back and notice how your web hacking journey kickstarted from this page.

Happy hacking!