Platform

Pentera Platform

A single platform for everything security validation and remediation

Learn more

Pentera Labs Research

Advanced research of the latest attack techniques

Integrations

Connect exposure validation with your security ecosystem

Safety & Compliance

Controlled execution with audit proof

Products

Pentera Core

Internal network security validation

Pentera Surface

External network security validation

Pentera Cloud

Cloud identity and hybrid environment security validation

Pentera Resolve

Automated remediation orchestration

Research

Pentera Labs

Elite cyber threat researcher team

Learning

Cybersecurity glossary

Security validation terminology and definitions

Customers

Customer stories

Read how some of the world's most forward-thinking companies validate their security

Video testimonials

See what people who use Pentera have to say about it

“Pentera helps us prioritize what truly matters and gives us confidence we are covering our global environment continuously.”

“Seeing a domain admin account cracked in production changed how we view internal exposure.”

“Pentera helped us advance our red team and continuously improve penetration testing.”

“Pentera makes it easier to focus on what is truly exploitable instead of chasing long vulnerability lists.”

“In a complex, large-scale environment, Pentera delivers the speed and visibility security teams need.”

“Pentera amplified our team’s performance and delivered measurable value to upper management.”

Resources

Company

Learn who are we and what’s our mission

Careers

Open roles across engineering, research, and go-to-market

Trust Center

Security, privacy, compliance, and certifications

Write to us and we’ll get back to you

Partners

Become a Partner

Become a Pentera partner

Partner Program

Learn how we support our partners across the globe

Partner Login

Access the partner portal

News & Press

Newsroom

Company announcements and press releases

Meet us at RSAC Talk to an Expert

ON-DEMAND WEBINAR

When the Lab Door Stays Open: Exposed Training Apps Exploited for Fortune 500

Webinars

Feb 16, 2026

A research-led deep dive into publicly exposed vulnerable training apps, how attackers exploit them to reach underlying cloud infrastructure, and why “lab environments” routinely become real-world breach paths.

Training apps like DVWA, Juice Shop, bWAPP, and Hackazon are commonly used to teach OWASP Top 10 vulnerabilities and support demos and proof-of-value exercises. The problem is that these intentionally vulnerable apps often escape lab boundaries and end up exposed on real infrastructure, including cloud environments connected to broader organizational systems. This session presents a research-driven investigation into how common these exposures are at scale, how they were found using OSINT search engines and fingerprinting techniques, and what happens after exploitation. Findings include a large pool of candidates narrowed to verified exposed training apps, many hosted on major cloud providers, and cases where cloud identities enabled access beyond the vulnerable app. It also covers evidence that some exposed environments were already compromised, including cryptomining campaigns and persistence mechanisms.