This post lists some tools to create deliberately vulnerable web applications. Though it may look that it makes no sense to be able to build insecure web applications, it is useful to test your pentesting skills.
List of Deliberately Vulnerable Web Applications
Tools to create deliberately vulnerable web applications featured on this post:
- WebGoat
- Damn Vulnerable Web Application (DVWA)
WebGoat
https://owasp.org/www-project-webgoat/