Damn Vulnerable Web App, version 1.0.4

Ryan Dewhurst of ethicalhack3r.co.uk has created and been maintaining Damn Vulnerable Web App (DVWA). The goal of the project is to aid learning and teaching of the art of web application security.

Ryan provided an overview and demo of the suite at a recent SuperMondays open podium event, you can find an archive of the presentation here.

I’ve been looking at DVWA (current version is 1.0.4) and it is showing promise, especially as web application security is one of my weaker skill sets having limited experience in this field. DVWA currently focuses on six different attack vectors:

  • Brute-force
  • Command Execution
  • File Inclusion
  • SQL Injection
  • File Upload
  • Cross Site Scripting (XSS)

Each section provides help to exploit the target vulnerability, as well as providing access to the source code for white box review to aid full understanding of how the vulnerability exists and how it can be protected against. Each example attack vector also has the option of setting variable levels of implemented security, providing increasingly advanced attack vectors.

DVWA provides a solid basis for investigating and studying web application security issues, as well as a multitude of great links for further reading. For those of you with skill, or those that learn quickly there currently are vulnerabilities in even the high-security level versions of the code, but I’ll leave finding this as an excise for the reader.

Nice work Ryan, keep it up.
Andrew Waite

Join the conversation

1 Comment

Leave a comment

Your email address will not be published. Required fields are marked *