Guest Post: Damn Vulnerable Web App
Damn Vulnerable Web App (DVWA) is a web application that is damn vulnerable. Its main goals are to be lightweight, easy to use and full of vulnerabilities to exploit. It has been developed for the use of information security professionals and students to test out their skillz and/or toolz in a legal environment.
Damn Vulnerable Web App v.1 has just been released in the past hour. The BETA version has had over 500 downloads in the past couple of months so I thought I would further develop it and make it open source.
Changelog:
Made command execution more realistic.
Added help buttons.
Added .htaccess file to turn magic quotes off.
Improved database creation with setup.php.
Amended installation instructions in README file.
Added GNU GPL license.
Added a robots.txt file with disallow all.
Removed link to www.ethicalhacker.co.uk in footer.
Added better error output on magic quotes.
There are alternatives out there such as irongeek’s Mutillidae and Andrew Kramer’s Peruggia. However, DVWA is not meant to be as realistic as a real web app; it is meant to be as easy to use as possible for beginners to learn or for teachers to teach.
To download and/or contribute to DVWA:
http://sourceforge.net/projects/dvwa/
Thanks Craig for the guest post!
ethicalhack3r
June 12th, 2009 at 11:39:39
Hi Craig, it is a very good and vulnerable app for starters.
I have installed it myself.
I need guidance in SQL injection at medium level as to how to bypass mysql_real_escape function. It would be great if you could provide me pointers and references.
Thanks
June 25th, 2009 at 09:34:41
Hi,
As this was a guest post by ethicalhack3r it would probably be best if you asked him about this – I do not know if it is possible to bypass that function but you may want to ask him, he can be found over at http://www.ethicalhack3r.co.uk