Damn Vulnerable Web App, version 1.0.4
I’ve been looking at DVWA (current version is 1.0.4) and it is showing promise, especially as web application security is one of my weaker skill sets having limited experience in this field. DVWA currently focuses on six different attack vectors:
- Command Execution
- File Inclusion
- SQL Injection
- File Upload
- Cross Site Scripting (XSS)
Each section provides help to exploit the target vulnerability, as well as providing access to the source code for white box review to aid full understanding of how the vulnerability exists and how it can be protected against. Each example attack vector also has the option of setting variable levels of implemented security, providing increasingly advanced attack vectors.
DVWA provides a solid basis for investigating and studying web application security issues, as well as a multitude of great links for further reading. For those of you with skill, or those that learn quickly there currently are vulnerabilities in even the high-security level versions of the code, but I’ll leave finding this as an excise for the reader.
Nice work Ryan, keep it up.