While taking part in the Software Security course offered through Coursera, one of the projects requires you to setup a virtual instance of BadStore.
BadStore is a deliberately vulnerable web application, which offers a hands-on approach to finding and exploiting web based vulnerabilities. It’s an older piece of software, but the material is still relevant today.
The BadStore site is ripe with vulnerabilities to practice your penetration testing skills with.
BadStore is available at http://www.BadStore.net. I also have a copy below as the site was not responding when I was originally setting up the project.
It required a couple of attempts for me to get it working under VMWare as this is based on an older Linux kernel, and seeing the questions on the discussion forums I figured I’d outline the steps to getting it setup for anyone who is running into issues.