| Vulnerable Application | Platform |
| 1 | SPI Dynamics (live) | ASP |
| 2 | Cenzic (live) | PHP |
| 3 | Watchfire (live) | ASPX |
| 4 | Acunetix 1 (live) | PHP |
| 5 | Acunetix 2 (live) | ASP |
| 6 | Acunetix 3 (live) | ASP.Net
|
| 7 | PCTechtips Challenge (live) | |
| 8 | Damn Vulnerable Web Application | PHP/MySQL |
| 9 | Mutillidae | PHP |
| 10 | The Butterfly Security Project | PHP |
| 11 | Hacme Casino | Ruby on Rails |
| 12 | Hacme Bank 2.0 | ASP.NET (2.0) |
| 13 | Updated HackmeBank | ASP.NET (2.0) |
| 14 | Hacme Books | J2EE |
| 15 | Hacme Travel | C++ (application client-server) |
| 16 | Hacme Shipping | ColdFusion MX 7, MySQL |
| 17 | OWASP WebGoat | JAVA |
| 18 | OWASP Vicnum | PHP, Perl |
| 19 | OWASP InsecureWebApp | JAVA |
| 20 | OWASP SiteGenerator | ASP.NET |
| 21 | Moth | |
| 22 | Stanford SecuriBench | JAVA |
| 23 | SecuriBench Micro | JAVA |
| 24 | BadStore | Perl(CGI) |
| 25 | WebMaven/Buggy Bank (very old) | |
| 26 | EnigmaGroup (live) | |
| 27 | XSS Encoding Skills – x5s (Casaba Watcher) | |
| 28 | Google – Gruyere (live) (previously Jarlsberg) | |
| 29 | Exploit- DB | Multi-platform |
| 30 | The Bodgeit Store | JSP |
| 31 | LampSecurity | PHP |
| 32 | hackxor | Perl(CGI) |
| 33 | OWASP – Hackademic | PHP |
| 34 | Exploit.co.il-WA | PHP |