DVWA is a PHP/MySQL web application that is intentionally vulnerable. The goal is to learn common web vulnerabilities and improve your security skills by training yourself on your own server. 3 levels are available (low, medium and high) to perform those following attacks :
- Bruce Force
- Command Execution
- File Inclusion
- SQL Injection (plus Blind)
- File Upload
The lowest level is usually pretty easy to bypass but the high level as a best practice presents the right way to protect your application.
The installation is pretty easy, you simply need to extract the zip archive found on DVWA official website in the root directory of your web server. You will then have to configure a dedicated database because DVWA comes with two small tables.