I will post a tutorial series on web application vulnerabilities and how to learn about them through practice. Throughout the series we will learn about common vulnerabilities, including cross-site scripting, SQL injection, etc.

In this post, we will install a vulnerable platform named Damn Vulnerable Web Application (DVWA).

What DVWA offers

DVWA includes some of the most popular vulnerabilities, including:

  • Brute Force
  • Command Injection
  • CSRF
  • File Inclusion/Upload
  • Insecure CAPTCHA
  • SQL Injection
  • XSS (DOM/Reflected/Stored)

Install XAMPP

First, we need to install XAMPP. XAMPP includes the Apache web server along with MariaDB, PHP and Perl. Download it from the official site and install it on your machine.

If you are running macOS like me, you will not find it after installing if you search for the keyword XAMPP. You will have to use manager-osx to start the XAMPP control panel.

Install DVWA

First, download DVWA from the official site.

Now, copy it to the htdocs folder under the /Applications/XAMPP directory.

Set the following in the config.inc.php file located under the config folder:

$_DVWA[ 'db_user' ] = 'root';
$_DVWA[ 'db_password' ] = '';

Then go to localhost/dvwa/setup.php in the browser and click on the create/reset database button.

It will redirect to the login page, where the default credentials are:

  • username: admin
  • password: password
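
With the database user set to root with an empty password and the default admin/password login, this lab should only be reachable from the machine it runs on. The script below is an added example, not part of DVWA or XAMPP: it reads the two config.inc.php settings shown above and checks that Apache's Listen directives are bound to loopback. The function names are hypothetical, and the paths to config.inc.php and httpd.conf are supplied by you.

```shell
#!/bin/sh
# Added example: audit a local DVWA lab. Paths are passed in by the caller.

# Print the value of a $_DVWA[ 'key' ] = 'value'; line from config.inc.php.
dvwa_setting() {
    sed -n "s/^[[:space:]]*\\\$_DVWA\[[[:space:]]*'$2'[[:space:]]*][[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | tail -n 1
}

# Succeed only if every active Listen directive in httpd.conf is loopback-bound.
apache_loopback_only() {
    awk '
        tolower($1) == "listen" {
            seen = 1
            if ($2 !~ /^(127\.[0-9.]+|\[::1\]):[0-9]+$/) { print "exposed: " $0; bad = 1 }
        }
        END { if (bad || !seen) exit 1 }
    ' "$1"
}

# Report the DB credentials DVWA uses and fail if the lab is network-reachable.
dvwa_lab_check() {
    user=$(dvwa_setting "$1" db_user)
    pass=$(dvwa_setting "$1" db_password)
    echo "db_user=${user:-<unset>} db_password=${pass:-<empty>}"
    if apache_loopback_only "$2"; then
        echo "OK: Apache listens on loopback only"
    else
        echo "WARNING: change Listen to 127.0.0.1:80 before starting DVWA"
        return 1
    fi
}

# Constructed sample files (not copied from a real install) for a dry run.
demo=$(mktemp -d)
printf "%s\n" "\$_DVWA[ 'db_user' ] = 'root';" "\$_DVWA[ 'db_password' ] = '';" > "$demo/config.inc.php"
printf "%s\n" "# Listen 12.34.56.78:80" "Listen 80" > "$demo/open.conf"
printf "%s\n" "Listen 127.0.0.1:80" > "$demo/local.conf"
dvwa_lab_check "$demo/config.inc.php" "$demo/open.conf" || echo "(expected: Listen 80 binds all interfaces)"
dvwa_lab_check "$demo/config.inc.php" "$demo/local.conf"
```

To check a real install, call dvwa_lab_check with the path to DVWA's config.inc.php and the path to the httpd.conf that your XAMPP Apache loads.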

That’s all for today. I will post the next tutorials as early as possible.

Till then, cheers!!!