15 Vulnerable Sites For Legal SQL Practice In 2018


Practice is the key to perfection. You can only defend your website if you know its vulnerabilities. But how and where you can practice SQL to improve your website security is an intriguing question. I spent hours searching on the internet and ended up with this list of open source web applications and programs to practice SQL injection, cross-site scripting, cross-site script inclusion, information disclosure, and remote code execution.

You can play games online, answer queries and download web applications for a specific environment to increase your skills in web application security. You can also use them to find vulnerabilities in other web applications and work as a grey or white hat hacker to earn money.

Here are some of the best websites to practice SQL for developers and pen testers


bWAPP

Buggy web application, also known as bWAPP, was created by Malik Mesellem. It is a buggy web application designed for students, pen-testers, and web security enthusiasts to practice SQL in a real-life scenario. It offers every possible well-known bug, which includes the OWASP Top 10 project and 100+ other vulnerabilities. It is a PHP-based application which uses a MySQL database. You can use it on Linux or Windows. They also offer tutorials. You can download it from here.

Damn Vulnerable iOS application (DVIA)

This is one of the few iOS mobile applications for mobile app developers to practice their SQL skills. It is specially designed to test iOS app penetration skills legally. DVIA covers almost every possible iOS app vulnerability. It works with iOS version 7 and above. They also offer training and solutions to most problems iOS developers face while testing. You can learn more about Damn Vulnerable iOS App here.

Game of Hacks

Game of Hacks is actually a game to test your skills in finding bugs and vulnerabilities in code. You have to do this within a certain time frame. You can also add your code to this game to get feedback from other players. You can either play Game of Hacks as a single player or challenge a friend. They offer three different levels (beginner, wannabe, and advanced) to test your SQL practice skills. You can play this game here. So hurry up and enjoy this game. This game is one of the best ways to practice code analysis within a time frame.

Google Gruyere

Google Gruyere helps you in learning three basic skills.

  1. Learn to find vulnerabilities in security.
  2. Learn how to exploit these vulnerabilities like a pro hacker.
  3. Learn to hide these loopholes and vulnerabilities from hackers.

You can find multiple security bugs in Gruyere. They can be XSS (cross-site scripting), XSSI (cross-site script inclusion), DoS (denial of service), information disclosure, and remote code execution. They designed this codelab so you can learn to find these bugs and fix them in both a natural environment and Google Gruyere. This app is a good SQL practice ground for both white hat and black hat hackers as you can play on any side of the field. For more, visit the official website of Google Gruyere by clicking here.


HackThis!!

With HackThis!!, you can learn a lot about the security of your own website. They offer 50+ levels to practice SQL hacking skills. These levels cover almost all aspects of hacking, dumping and defacing a website. They also have a forum with more than .25 million active users and tons of articles. You can register on their website using a Facebook account or email. So hurry up and practice SQL to keep your own website safe and sound. You can visit their official website by clicking here.

Hack This Site

Hack This Site is a great platform to increase your hacking skills. They have a wide variety of challenges to practice. They also have a great informative blog section and an active forum with tons of like-minded people. You can visit their official website by clicking here.

Hellbound Hackers

Hellbound Hackers is a great source of information to learn how to keep hackers away from your site. They have tons of challenges so you can learn to identify and fix the problem in the code. Their articles are very informative. The Hellbound Hackers forum is also hell active. You can learn basic to advanced web hacking and application cracking with the help of Hellbound Hackers. For more, visit their official website.

McAfee Hacme Sites

McAfee is one of the biggest players in internet security. They launched a number of sites in 2006 for pen testing purposes. These sites offer real-life scenarios with real-life problems. They have a wide variety of apps covering travel, shipping, casino, bank and many more. Every project has its own set of vulnerabilities and challenges.

You can search for McAfee Hacme sites in Google to download Hacme Bank, Hacme Books, Hacme Bank for Android, Hacme Casino, Hacme Shipping, and Hacme Travel.

Mutillidae 2

OWASP Mutillidae 2 Project is a deliberately vulnerable web application for pen testers and security enthusiasts. It is widely used in security courses all around the world. Mutillidae can be used on both Linux and Windows. It also offers hints for students, which makes it easy to use. You can download Mutillidae 2 and learn more about it on their official website.


OverTheWire

OverTheWire is a fun-filled way to practice and learn concepts of web and application security. They offer games from beginner to advanced level to test your skills. You can start with bandit, which is fairly easy for beginners, before advancing to more difficult ones like maze, drifter, semtex, and manpage. Every game is different from its predecessors. You can play the war games by clicking here.


Peruggia

Peruggia is another platform to learn about common attacks and defenses on web applications. It is totally safe and legal to practice your SQL skills on Peruggia. Peruggia will surely help you to locate and solve issues on your own website to limit security risk. You can download Peruggia from here.

Root Me

Root Me offers more than 250 unique challenges and 50+ virtual environments to practice your hacking skills. All these challenges will ask you to practice almost 1900+ solutions to improve your security and hacking skills. For more, visit the Root Me official website by clicking here.


Try2Hack

Try2Hack is one of the oldest sites for practicing hacking and security skills. They offer tons of challenges to improve your ability to locate and fix problems. You have to follow the rules set by the admin to practice on Try2Hack. You can also join the IRC channel to ask a question or find help. You can start from their official website.


Vicnum

Vicnum is an OWASP project which consists of games based on vulnerable web apps. You can practice cross-site scripting, SQL and session issues. You can also tweak this application to suit your own specific requirements, which makes it best for teachers. You can download CTFs and play games on their official website by clicking here.


WebGoat

WebGoat is one of the most popular projects of OWASP. It is deliberately designed with lots of vulnerabilities to teach web application security. It is a good source for learning complex web application security in a realistic environment. You can install it on Linux, OSX Tiger, and Windows. WebGoat also has two different versions for .NET and J2EE. You can download and learn more about WebGoat from their official website by clicking here.


All these websites offer you a legal environment to practice SQL and other website vulnerabilities. All this will help you to improve your own website security. You can also learn these skills to start a career as a white hat hacker.


You can also download PDF of a list of illegal SQL vulnerable websites

Note: Kindly don’t use these SQL practice applications and websites to cause harm. It is an illegal and criminal act which is punishable in most parts of the world.
