Damn Vulnerable Web Application (DVWA)

What is Damn Vulnerable Web Application (DVWA)?

Damn Vulnerable Web App (DVWA) is a tool designed for web penetration testing. You can practice your skills in a legal environment on your local computer. As the name suggests, DVWA is vulnerable to SQL injection, XSS, remote file inclusion, brute force and more.

Interface of Damn Vulnerable Web Application.

- Testing web security tools requires a target that has plenty of vulnerabilities. The Damn Vulnerable Web Application (DVWA) provides a PHP/MySQL web application that is damn vulnerable.

- It provides you with a lab on your local computer to practice your skills without having to set up virtual machines.

- Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to aid teachers and students in teaching and learning web application security in a classroom environment.

In simple words, it is lightweight, easy to use, and has vulnerabilities to exploit.
Damn Vulnerable Web App is a great application to plunge yourself into. DVWA is a PHP/MySQL web application that is literally damn vulnerable, and frankly it can be used to learn or teach the art of web application security.

DVWA is bundled with the following types of vulnerabilities:
- SQL Injection
- XSS (Cross Site Scripting)
- LFI (Local File Inclusion)
- RFI (Remote File Inclusion)
- Command Execution
- Upload Script
- Login Brute Force

WARNING!! (Shamelessly ripped off from the official statement) It should come as no shock... but this application is damn vulnerable! Do not upload it to your hosting provider’s public html folder or any working web server, as it will be hacked. It’s recommended that you download and install XAMPP onto a local machine inside your LAN which is used solely for testing.

Things required to set up Damn Vulnerable Web Application (DVWA):

- Kali Linux
- DVWA - Download it from here
- Apache web server (pre-installed in Kali Linux)

Once you have downloaded the Damn Vulnerable Web Application (DVWA) zip file, unzip it.

If you are a Windows user, it won't be easy to install the Damn Vulnerable Web Application environment on your PC. For that you need XAMPP and DVWA on Windows. For easy installation and better understanding, watch the video below and follow the steps.

What is XAMPP?

XAMPP is a free and open source cross-platform web server solution stack package developed by Apache Friends, consisting mainly of the Apache HTTP Server, MariaDB database, and interpreters for scripts written in the PHP and Perl programming languages. Download it from here

Now that we have downloaded XAMPP and DVWA, I've attached a video below for easy installation and understanding.


Hope you liked it! In case any error occurs, feel free to comment below :)
EnJoY!