How to import the OWASP Broken Web Applications virtual machine in VirtualBox

Step 1

Download the OWASP BWA files:

Step 2

Create a folder and extract all files there. Probably a good idea to put the folder right next to your other virtual machines, if you have any. This folder shouldn’t move around.

Step 3

Open VirtualBox and create a new machine named OWASP BWA (or whatever) as Linux/Ubuntu. Set RAM to something appropriate (I’m using 2Gb because I can).

Use existing hard drive, select the files you just extracted.

Step 4



You might want to fiddle around with various settings, like bridging the network interface etc. It’s not recommended to allow anyone since OWASP BWA contains multiple security holes, though.

Join the Conversation


Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  1. I can’t extract the downloaded file, it tells me that file corrupted
    that happened with all the used extractors (rar, .7z, zip, …)
    is it really corrupted or there is something needs to be done ??

  2. Thanks Greenjam94! Your tip about the .osa (actually .ova) file was very helpful.

  3. Johnathan,

    Load the file that does not have the -s001 ending. Also, use Linux 32 bit with only 512 minimum. Then select use existing, and select the file without the -s001.

  4. You no longer have to set up using the VMware files. Instead download the .osa file on sourceforge and then use Virtualbox’s import application feature. It should be under file next to new application.

  5. Hi i tried following the steps (extracted the files on my desktop) but i receive an error when i try running the VDMK file on VirtualBox. The error says

    Failed to open the hard disk file C:\Users\sony\Desktop\OWASP Broken Web Apps-cl1-s001.vmdk

    Could not get the storage format of the medium ‘C:\Users\sony\Desktop\OWASP Broken Web Apps-cl1-s001.vmdk

    Could someone please help explain what did i do wrong in the installation?