DVWS on offsec.tools


Vulnerable application with a web service and an API.

Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.

This vulnerable application contains the following API/Web Service vulnerabilities:
- Insecure Direct Object Reference
- Horizontal Access Control Issues
- Vertical Access Control Issues
- Mass Assignment
- Cross-Site Scripting
- NoSQL Injection
- Server Side Request Forgery
- JSON Web Token (JWT) Secret Key Brute Force
- Information Disclosure
- Hidden API Functionality Exposure
- Cross-Origin Resource Sharing Misonfiguration
- JSON Hijacking
- SQL Injection
- XML External Entity Injection (XXE)
- Command Injection
- XPATH Injection
- XML-RPC User Enumeration
- Open Redirect
- Path Traversal
- Unsafe Deserialization
- Sensitive Data Exposure
- GraphQL Access Control Issues
- GraphQL Introspection Enabled
- GraphQL Arbitrary File Write
- GraphQL Batching Brute Force
- Client Side Template Injection