BTS PenTesting Lab is an open source vulnerable web application, created by Cyber Security & Privacy Foundation. It can be used to learn about many different types of web application vulnerabilities.

Currently, the app contains the following types of vulnerabilities:

  • SQL Injection
  • XSS (includes Flash-based XSS)
  • CSRF
  • Clickjacking
  • SSRF
  • File Inclusion
  • Code Execution
  • Insecure Direct Object Reference
  • Unrestricted File Upload vulnerability
  • Open URL Redirection
  • Server Side Includes (SSI) Injection, and more...