Practice your skills in safe, legal environments with these world-class platforms
The most comprehensive free training platform for web application security. Created by the makers of Burp Suite, featuring interactive labs covering SQL injection, XSS, CSRF, and dozens of other vulnerabilities.
Gamified cybersecurity training platform with 1.7M+ users. Features virtual machines, challenges, and realistic corporate scenarios. Perfect for offensive and defensive security training.
Learn cybersecurity through short, gamified real-world labs. Features cloud-hosted VMs deployable with one click. Over 4M users trust TryHackMe for offensive, defensive, and cloud security training.
World's largest free hacking competition from Carnegie Mellon University. Designed for middle school through professional level. Features picoGym for year-round practice with cryptography, forensics, web exploitation, and binary challenges.
Collection of wargames teaching security concepts through hands-on challenges. Start with Bandit for Linux basics, progress to Leviathan for binary analysis, and Narnia for buffer overflows. Perfect for building fundamental skills.
One of the oldest and most respected free hacking training grounds. Features basic to advanced challenges teaching web application security, programming, cryptography, and steganography in a safe, legal environment.
Download vulnerable virtual machines for offline penetration testing practice. Features hundreds of community-created VMs covering network pentesting, web exploitation, privilege escalation, and real-world scenarios. Perfect for building a personal lab.
Interactive prompt injection challenge by Lakera. Try to make Gandalf reveal secret passwords through 8 progressively difficult levels with increasingly sophisticated defenses. Learn how LLMs can be exploited through prompt injection attacks, and how they can be defended against them, in a gamified environment.
Beat the Bot challenge from Immersive Labs. Interactive prompt injection training with multiple difficulty levels. Learn to identify and exploit LLM vulnerabilities including DLP bypass, word filtering, and translation tricks in realistic scenarios.
Educational project showcasing LLM security vulnerabilities. 10 hands-on CTF-style challenges inspired by the OWASP LLM Top 10. Run locally using the Ollama framework with open-source models. Learn prompt injection, jailbreaking, and AI red teaming in a safe environment.
Google's interactive training platform dedicated to Cross-Site Scripting (XSS) vulnerabilities. Six progressive levels teaching you to find and exploit XSS bugs. Learn the coding patterns that lead to XSS and how to prevent them.
Intentionally vulnerable web application from Google. Practice finding and exploiting common web security flaws including XSS, CSRF, information disclosure, denial of service, and path traversal vulnerabilities.