DVWA is a PHP/MySQL web application that is intentionally vulnerable. The goal is to learn common web vulnerabilities and improve your security skills by training on your own server. Three levels are available (low, medium and high) for practising the following attacks:

  • Brute Force
  • Command Execution
  • CSRF
  • Captcha
  • File Inclusion
  • SQL Injection (plus Blind)
  • File Upload
  • XSS

The lowest level is usually pretty easy to bypass, while the high level, as a best practice, presents the right way to protect your application.

The installation is pretty easy: you simply need to extract the zip archive found on the official DVWA website into the root directory of your web server. You will then have to configure a dedicated database, because DVWA comes with two small tables.

A full tutorial (in French) is available, and you can find a lot of videos on YouTube about how to exploit the vulnerabilities.

