Setting up BadStore Vulnerable WebApp In 2014 Using VMWare


While taking part in the Software Security course offered through Coursera, one of the projects requires you to setup a virtual instance of BadStore.

BadStore is a deliberately vulnerable web application, which offers a hands-on approach to finding and exploiting web based vulnerabilities. It’s an older piece of software, but the material is still relevant today.

This beauty of a site is ripe with vulnerabilities to practice with.

The BadStore site is ripe with vulnerabilities to practice your penetration testing skills with.

BadStore is available at I also have a copy below as the site was not responding when I was originally setting up the project.

It required a couple of attempts for me to get it working under VMWare as this is based on an older Linux kernel, and seeing the questions on the discussion forums I figured I’d outline the steps to getting it setup for anyone who is running into issues.

Continue reading