These pages detail how to set up ZAP to scan a variety of deliberately vulnerable test web apps.
ZAP is primarily designed to scan “real world” apps, but we understand why people like testing against deliberately vulnerable apps.
Some of these apps act in “unusual” ways that are not often seen in real world apps. Hence these pages 😁
AltoroJ / Testfire - a traditional app, infrequently updated
Gin & Juice Shop - a well maintained modern app
OWASP Juice Shop - a well maintained modern app