Install and configure DVWA

https://github.com/digininja/DVWA

DAMN VULNERABLE WEB APPLICATION

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible.

Download

While there are various versions of DVWA around, the only supported version is the latest source from the official GitHub repository. You can either clone it from the repo:

git clone https://github.com/digininja/DVWA.git

Or download a ZIP of the files.

Installation and configuration

Installation Videos

How to set difficulty

Go to DVWA Security page: http://localhost/DVWA/security.php (URL can be changed), and set security level desired, then press submit button.

In all exercise you need to activate a proxy (between user's browser and the target app), to intercept, inspect and modify requests and responses. In my case i used BurpSuite with FoxyProxy extension.

References

For the making of this solution the following resource were used:

Last updated