Features:

Very easy to use and to understand

Well structured and documented PHP code

Different security levels (low/medium/high)

'New user' creation (password/secret)

'Reset application/database' feature

Manual intervention page

Email functionalities

Local PHP settings file

No-authentication mode (A.I.M.)

'Evil Bee' mode, bypassing security checks

'Evil' directory, including attack scripts

WSDL file (Web Services/SOAP)

Fuzzing possibilities

Vulnerabilities:

SQL, HTML, iFrame, SSI, OS Command, XML, XPath, LDAP, PHP Code, Host Header and SMTP injections

Authentication, authorization and session management issues

Malicious, unrestricted file uploads and backdoor files

Arbitrary file access and directory traversals

Heartbleed and Shellshock vulnerabilities

Local and remote file inclusions (LFI/RFI)

Server Side Request Forgery (SSRF)

Configuration issues: Man-in-the-Middle, Cross-Domain policy file, FTP, SNMP, WebDAV, information disclosures,...

HTTP parameter pollution and HTTP response splitting

XML External Entity attacks (XXE)

HTML5 ClickJacking, Cross-Origin Resource Sharing (CORS) and web storage issues

Drupal, phpMyAdmin and SQLite issues

Unvalidated redirects and forwards

Denial-of-Service (DoS) attacks

Cross-Site Scripting (XSS), Cross-Site Tracing (XST) and Cross-Site Request Forgery (CSRF)

AJAX and Web Services issues (JSON/XML/SOAP)

Parameter tampering and cookie poisoning

Buffer overflows and local privilege escalations

PHP-CGI remote code execution

HTTP verb tampering

And much more...

bWAPP is a deliberately buggy web application designed to help security enthusiasts, developers, and students discover and prevent web vulnerabilities. This security learning platform can help you prepare for conducting successful penetration testing and ethical hacking projects. It has over 100 web bugs, including all major known web vulnerabilities. It can be hosted on Windows/Linux with Apache/IIS and MySQL (or just use WAMP or XAMPP). Or, you can use a custom Linux virtual machine pre-installed with bWAPP.