AspGoat: The First Intentionally Vulnerable modern ASP.NET Core App for OWASP Top 10
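AspGoat is an intentionally vulnerable web application built on ASP.NET Core, intended to help developers, security researchers, and bug bounty hunters sharpen their skills. It includes exercises for the OWASP Top 10 and other vulnerabilities, and supports quick deployment with Docker. 2025-9-9 05:6:1 Author: infosecwriteups.com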

Soham

Most intentionally vulnerable applications we know and use for training, like DVWA, Juice Shop, and WebGoat, are written in PHP, Node.js, and Java. While they are fantastic for learning security concepts, there has always been a gap for those working with modern ASP.NET Core applications.

AspGoat — GitHub 🐐

That’s exactly why I created AspGoat 🐐, an intentionally vulnerable web application built with ASP.NET Core MVC + SQLite + EF Core, designed to help developers, security researchers, and bug bounty hunters sharpen their skills.

The latest release (v1.0.1) includes:

  1. Polished Labs for OWASP Top 10 (and more) vulnerabilities.
  2. Hands-on challenges covering XSS, SQL Injection, CSRF, SSRF, IDOR, Insecure Deserialization, Prototype Pollution, and more.
  3. Secure Coding Challenges to help you understand the white-box aspect of Penetration Testing.
  4. A fully supported official Docker image, so you can spin it up in seconds:

         docker pull sohamburger/aspgoat:latest
         docker run --rm -p 8000:8000 sohamburger/aspgoat:latest

Whether you’re a:

  1. Developer who wants to understand how security vulnerabilities arise in modern ASP.NET Core Web Applications.
  2. Security researcher or bug bounty hunter looking to sharpen your Penetration Testing skills.
  3. Student preparing for AppSec interviews and AppSec certifications.

AspGoat is for you…

Explore the Project here 👉 : https://github.com/Soham7-dev/AspGoat

Issues, Contributions and Suggestions are always welcome.


Article source: https://infosecwriteups.com/aspgoat-the-first-intentionally-vulnerable-modern-asp-net-core-app-for-owasp-top-10-d6037f7ac3f1?source=rss----7b722bfd1b8d--bug_bounty