Removed spacing, added webgoat, Wrongsecrets, owasp mobile apps (#37)

README.md

@@ -22,8 +22,8 @@
 - [Labs](#Labs)
 - [Mobile Apps](#Mobile-Apps)
 
-
 ## Vulnerable Web Applications
+
 - [BadStore](https://www.vulnhub.com/entry/badstore-123,41/) - Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques.
 - [BodgeIt Store](http://code.google.com/p/bodgeit/) - The BodgeIt Store is a vulnerable web application which is currently aimed at people who are new to pen testing.
 - [Butterfly Security Project](http://thebutterflytmp.sourceforge.net/) - The ButterFly project is an educational environment intended to give an insight into common web application and PHP vulnerabilities. The environment also includes examples demonstrating how such vulnerabilities are mitigated.
@@ -65,13 +65,16 @@ Damn Vulnerable Web Services is an insecure web application with multiple vulner
 - [PuzzleMall](https://code.google.com/p/puzzlemall/) - A vulnerable web application for practicing session puzzling
 - [WackoPicko](https://github.com/adamdoupe/WackoPicko) -  WackoPicko is a vulnerable web application used to test web application vulnerability scanners
 - [WebGoat.NET](https://github.com/jerryhoff/WebGoat.NET/) - This web application is a learning platform that attempts to teach about common web security flaws. It contains generic security flaws that apply to most web applications
+- [OWASP WebGoat8](https://github.com/webgoat/webgoat) - OWASP Webgoat 8 is a learning platform that attempts to teach about common web security flaws. It contains generic security flaws that apply to most web applications, is written in Java and is actively maintained.
+- [OWASP WrongSecrets](https://github.com/commjoen/wrongsecrets) - OWASP WrongSecrets is a vulnerable app which shows how to not store secrets, and helps you to improve your secrets-hunting skills.
 - [WebSecurity Dojo](https://www.mavensecurity.com/web_security_dojo/) - A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
 - [XVWA](https://github.com/s4n7h0/xvwa) - XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security.
 - [Zap WAVE](https://code.google.com/p/zaproxy/downloads/detail?name=zap-wave-0.1.zip) - An easy to use integrated penetration testing tool for finding vulnerabilities in web applications
 - [Web-Security Academy](https://portswigger.net/web-security) - A free platform for learining and testing your Web Application security skills with practice labs and learning materials by Portswigger
-- [OWASP Juice Shop](https://juice-shop.herokuapp.com/) - An Open Source platform for testing Web-Application Security skills. The application contains a vast number of hacking challenges of varying difficulty level
+- [OWASP Juice Shop](https://github.com/juice-shop/juice-shop) - An Open Source platform for testing Web-Application Security skills. The application contains a vast number of hacking challenges of varying difficulty level
 
 ## Sites for Downloading Older Versions of Various Software
+
 - [Exploit-DB](http://www.exploit-db.com/) - The Exploit Database is maintained by Offensive Security, an information security training company that provides various Information Security Certifications as well as high end penetration testing services
 - [Old Apps](http://www.oldapps.com/) - Provide our users with a wide assortment of current versions of familiar software, and their predecessors for free
 - [Old Version](http://www.oldversion.com/) - Pick a software title... to downgrade to the version you love!
@@ -79,6 +82,7 @@ Damn Vulnerable Web Services is an insecure web application with multiple vulner
 - [All Version](http://www.PortableApps.com/) - PortableApps is the world's most popular portable software solution allowing you to take your favorite software with you
 
 ## Sites by Vendors of Security Testing Software
+
 - [Acunetix acuforum](https://testasp.vulnweb.com/) - A forum deliberately vulnerable to SQL Injections, directory traversal, and other web-based attacks
 - [Acunetix acublog](https://testaspnet.vulnweb.com/) - A test site for Acunetix. It is vulnerable to SQL Injections, Cross-site Scripting (XSS), and more
 - [Acunetix acuart](https://testphp.vulnweb.com/) -This is an example PHP application, which is intentionally vulnerable to web attacks. It is intended to help you test Acunetix
@@ -173,5 +177,7 @@ Compass Security is a well renowned European company specializing in penetration
 - [NcN Wargame](https://github.com/NocONName/Wargame_NcN2012) - No cON Name 2012 Challenges
 - [OWASP iGoat](https://code.google.com/p/owasp-igoat/) - The OWASP iGoat project is a security learning tool for iOS developers to learn about security weaknesses in iOS -- by breaking things as well as fixing them.
 - [OWASP Goatdroid](https://github.com/jackMannino/OWASP-GoatDroid-Project) - OWASP GoatDroid is a fully functional and self-contained training environment for educating developers and testers on Android security
+- [OWASP MSTG Hacking Playground](https://github.com/OWASP/MSTG-Hacking-Playground) - A set of mobile vulnerable apps of which you can exploit the vulnerabilities using techniques of the OWASP MSTG.
+- [OWASP MSTG Crackmes](https://github.com/OWASP/owasp-mstg/tree/master/Crackmes) - A set of mobile apps that help you to improve your reverse engineering skills base don the [OWASP MSTG](https://github.com/OWASP/owasp-mstg).
 
 Contributions are always appreciated