DVWA is a PHP/MySQL web application that is intentionally vulnerable. The goal is to learn common web vulnerabilities and improve your security skills by training on your own server. Three levels are available (low, medium and high) for practicing the following attacks:

  • Brute Force
  • Command Execution
  • CSRF
  • Captcha
  • File Inclusion
  • SQL Injection (plus Blind)
  • File Upload
  • XSS

The lowest level is usually pretty easy to bypass, while the high level, as a best practice, shows the right way to protect your application.

The installation is pretty easy: simply extract the zip archive found on the DVWA official website into the root directory of your web server. You will then have to configure a dedicated database, because DVWA comes with two small tables.

A full tutorial (in French) is available, and you can find a lot of videos on YouTube about how to exploit the vulnerabilities.

