It's against the law to do security or penetration testing without permission. Developing the skills of security testing requires a proper testing environment or a training platform. These security-testing environments are purpose-built vulnerable web or mobile applications. Some security-testing environments even provide online tutorials to guide you through the security-testing tips. Refer to the OWASP projects listed below for a comprehensive list of online or offline virtualization images for the security-testing environment. If it's possible, set up an in-house security-testing environment instead of using the external online testing site. Here are some vulnerable application projects that can help to build ...