[OWASP Bricks] Modular Deliberately Vulnerable Web Application

Wednesday, June 12, 2013

  •  Bricks is a deliberately vulnerable web application built on PHP and MySQL.
  • The project focuses on variations of commonly seen application security vulnerabilities and exploits.
  • Each 'brick' has some sort of vulnerability which can be exploited using tools (Mantra and ZAP).
  • The mission is to 'break the bricks' and thus learn the various aspects of web application security.


Challenge Page URL Documentations
1 Log in page #1 bricks/login-1/ Text, Video
2 File upload page #1 bricks/upload-1/ Text, Video
3 Content page #1 bricks/content-1/ Text, Video
4 Log in page #2 bricks/login-2/ Text, Video
5 Content page #2 bricks/content-2/ Open for public to break.

Road map

  1. Demonstrate maximum variations of most common vulnerabilities
  2. Help people to learn the need of secure codding practices and SSDLC
  3. Attract people to design more bricks
  4. Become a test bed for analyzing the performance of web application security scanners.
  5. Help people learn the manual method of testing the applications
  6. Demonstrate the possibilities of various security tools and techniques
  7. Become a platform to teach web application security in a class room/lab environment. 

Subscribe via e-mail for updates!