reddit hackernews mail facebook facebook linkedin
Damn Vulnerable RESTaurant

Damn Vulnerable RESTaurant

An intentionally vulnerable web API game for learning and training purposes.

An intentionally vulnerable API service designed for learning and training purposes dedicated to developers, ethical hackers and security engineers. The idea of the project is to provide an environment that can be easily extended with new vulnerable endpoints and mechanisms that could be used in trainings for detecting and exploiting identified vulnerabilities.

It's a training playground:
- For developers: engage in a dedicated game where you will identify and fix vulnerabilities interactively.
- For ethical hackers: exploit vulnerabilities manually or use automated tools. Treat it as a CTF challenge, you can start from low privileged API user and escalate to root user. There is one path to achieve this. API docs are provided to facilitate your hacking adventure.
- For security engineers: utilise various security automation tools such as SAST, DAST, IaC, etc., to test vulnerability detection mechanisms.