
Damn Vulnerable Web Application

DVWA is a PHP/MySQL web application that is intentionally vulnerable. The goal is to learn common web vulnerabilities and improve your security skills by training yourself on your own server. Three levels are available (low, medium and high) for practicing the following attacks:

  • Brute Force
  • Command Execution
  • CSRF
  • Captcha
  • File Inclusion
  • SQL Injection (plus Blind)
  • File Upload
  • XSS

The lowest level is usually pretty easy to bypass, while the high level shows, as a best practice, the right way to protect your application.

The installation is pretty easy: you simply need to extract the zip archive found on the DVWA official website into the root directory of your web server. You will then have to configure a dedicated database, because DVWA comes with two small tables.

A full tutorial (in French) is available, and you can find a lot of videos on YouTube about how to exploit the vulnerabilities.
