Damn Vulnerable Web Application
Damn Vulnerable Web Application (DVWA) is a web application coded in PHP/MySQL that is damn vulnerable. Seriously, it is too vulnerable.
Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to aid teachers/students in teaching/learning web application security in a classroom environment.
How to use DVWA?
Go to http://www.dvwa.co.uk/ and download DVWA.
Once you have downloaded it, install it on a virtual machine (VMware or VirtualBox).
You will require XAMPP (for Windows).
DVWA is then reachable at the virtual machine's local IP address, which you can check by typing ifconfig in the virtual machine.
Then type this IP address into the browser.
That’s it, you are now in the DVWA environment.
What are the Benefits of DVWA?
1) Hacking anything without permission is a crime. So as a student or beginner, where would you get this permission? You can use DVWA instead. For advanced users who want to sharpen their skills, DVWA is the best platform.
2) In DVWA you do not have to ask anyone else for permission. You can simply install it in a virtual environment and start using it.
3) It is very simple to install.
4) This is the best place to practice hacking.
5) In fact, it runs in your local environment and it is totally legal.
Difficulty levels in DVWA
As the name suggests, DVWA has many web vulnerabilities. Every vulnerability has four different security levels: low, medium, high and impossible. The security levels give a challenge to the ‘attacker’ and also show how each vulnerability can be countered by secure coding.
Security levels:
Impossible: At this level you will face CTF-like challenges, and it is harder than the other levels. This level presents the difficulties we face in the real world.
High: This vulnerability level gives the user an example of how to secure the vulnerability via secure coding methods. It lets the user understand how the vulnerability can be countered. This level of security should be un-hackable; however, as we all know, this is not always the case. So if you manage to bypass it, you are doing something right.
Medium: This security level’s purpose is to give the ‘attacker’ a challenge in exploitation and also to serve as an example of bad coding/security practices.
Low: This security level is meant to simulate a website with no security at all implemented in its code. It gives the ‘attacker’ the chance to refine their exploitation skills.