diff --git a/web_application_testing/README.md b/web_application_testing/README.md
index 4a6f6a1..16dc762 100644
--- a/web_application_testing/README.md
+++ b/web_application_testing/README.md
@@ -11,6 +11,19 @@ The following are a few popular tools that you learned in the video courses part
 * [httrack](https://www.httrack.com/)
 * [skipfish](https://code.google.com/archive/p/skipfish/)
 
+## WebSploit
+
+[WebSploit](http://h4cker.org/websploit) is a virtual machine (VM) created by [Omar Santos](https://omarsantos.io) for different Cybersecurity Ethical Hacking (Web Penetration Testing) training sessions delivered at [DEFCON](https://www.wallofsheep.com/blogs/news/packet-hacking-village-workshops-at-def-con-26-finalized), [Live Training in Safari](https://www.safaribooksonline.com/search/?query=omar%20santos&extended_publisher_data=true&highlight=true&is_academic_institution_account=false&source=user&include_assessments=false&include_case_studies=true&include_courses=true&include_orioles=true&include_playlists=true&formats=live%20online%20training&sort=relevance), [video on demand LiveLessons](https://www.safaribooksonline.com/search/?query=omar%20santos&extended_publisher_data=true&highlight=true&is_academic_institution_account=false&source=user&include_assessments=false&include_case_studies=true&include_courses=true&include_orioles=true&include_playlists=true&formats=video&sort=relevance), and others. 
+
+The purpose of this VM is to have a lightweight (single VM) with a few web application penetration testing tools, as well as vulnerable applications.
+
+The following are the vulnerable applications included in [WebSploit](http://h4cker.org/websploit):
+- Damn Vulnerable Web Application (DVWA)
+- WebGoat
+- Hackazon
+- OWASP Juice Shop
+- OWASP Mutillidae 2
+
 ## How to Integrate OWASP ZAP with Jenkins
 You can integrate ZAP with Jenkins and even automatically create Jira issues based on your findings. You can download the [ZAP plug in here](https://wiki.jenkins.io/display/JENKINS/zap+plugin).