Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A vulnerable demo site for people to learn about Web Application Security
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
CreateUser Yikes, big commit!
.gitignore Small details. Added LICENSE & README files, updated .gitignore
LICENSE Small details. Added LICENSE & README files, updated .gitignore
SuperSecureBank.sln Yikes, big commit!

SuperSecure bank is very much a fictional online bank. It was created to help demonstrate common web vulnerabilities. Any resemblance to any other bank is purely coincidental and is actually quite regrettable. This website is truly riddled with security vulnerabilities, do not use any aspect of this site as an example of how to create an online site. Do not reproduce any line of code in a production system. Any failure to do so will likely cause your entire website to become very insecure.

That said, this site is intended to help interested people learn about common web vulnerabilities. Each vulnerability in this system has been seen in the wild in recent history. These vulnerabilities represent a wide array of potential issues that hackers and other malicious users may attempt to exploit. Failure to protect yourself against these types of issues could result in any number of myriad vulnerabilities, not limited to complete server compromise and data loss.

I’ve created this website to help teach, if you have questions about the code, or how to find or fix these issues please feel free to contact me directly at:

I hope you have as much fun breaking this site as I had creating it. Happy Hacking!

Something went wrong with that request. Please try again.