I will post a tutorial series on web application vulnerabilities and how to learn about them through practice. Throughout the series we will learn about common vulnerabilities, including cross-site scripting, SQL injection, etc.
In this post, we will install a vulnerable platform named Damn Vulnerable Web Application (DVWA).
What DVWA offers
DVWA includes some of the most popular vulnerabilities, including:
- Brute Force
- Command Injection
- File Inclusion/Upload
- Insecure CAPTCHA
- SQL Injection
- XSS (DOM/Reflected/Stored)
First, we need to install XAMPP. XAMPP includes the Apache web server along with MariaDB, PHP and Perl. Download it from the official site and install it on your machine.
If you are running macOS like me, you will not find it after installing if you search using the keyword XAMPP. You will have to use manager-osx to start the XAMPP control panel.
Next, download DVWA from the official site.
Now, copy it to the htdocs folder under the
Do the following to the config.inc.php file located under the
$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '';
Then go to localhost/dvwa/setup.php in the browser and click on the create/reset database button.
It will redirect to the login page, where the default credentials are:
- username: admin
- password: password
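The config.inc.php edit above can be checked with a short script. This is an added example, not part of the original post or of DVWA's own code: it parses the $_DVWA settings and lists the ones that are acceptable only while the lab machine stays isolated. The db_server key, the function names and the sample text are assumptions made for the example.

```python
import re

# Matches one assignment such as: $_DVWA[ 'db_user' ] = 'root';
SETTING = re.compile(r"\$_DVWA\[\s*'(\w+)'\s*\]\s*=\s*'([^']*)'\s*;")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: the two assignments from this post (on one line, as
# posted) plus a db_server line, which is an assumption about the file.
SAMPLE = """\
# database settings
$_DVWA[ 'db_server' ] = '127.0.0.1';
$_DVWA[ 'db_user' ] = 'root'; $_DVWA[ 'db_password' ] = '';
"""


def parse_dvwa_config(text):
    """Return the $_DVWA string settings found in config.inc.php text."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", "//")):
            continue  # skip PHP line comments
        for key, value in SETTING.findall(line):
            settings[key] = value  # a later assignment overrides an earlier one
    return settings


def audit(settings):
    """List settings that are acceptable only on an isolated lab machine."""
    findings = []
    if settings.get("db_user") == "root":
        findings.append("db_user is root: the vulnerable pages query the "
                        "database with full privileges")
    if settings.get("db_password", "") == "":
        findings.append("db_password is empty")
    server = settings.get("db_server")
    if server is not None and server not in LOOPBACK:
        findings.append(f"db_server {server} is not a loopback address")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_dvwa_config(SAMPLE)):
        print("[!]", finding)
```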
That’s all for today. I will post the next tutorials as early as possible.
Till then, cheers!!!