Web Scanner Test Site

This site is setup to test automated Web Application scanners like AppSpider
You can view a sample report at htt
DB tests: DB Inject Tests Blind SQL Tests
CSRF tests: Cross Site Scripting Tests CSRF Tests
CORS tests: CORS test page
JS tests: SOAP SPA page REST SPA page React versions Angular Versions
Basic tests:
OS Command Inject Tests Java Grinder Tests Directory Browse Tests Resource Finder Tests Malicious iFrame detection Web 2.0 / AJAX Tests Go nowhere. Intentional dead link Lots of static Pages XPath Injection Tests Browser Cache Tests Business Logic Tests
A big picture
The form based credentials are testuser/testpass, and the HTTP Basic credentials are btestuser/btestpass.
Privacy Policy