Sunday 2 September 2012

Vulnerable Web Applications

Hey there,

really a long time without a new post, but hopefully this will change in the future.

In this post I was listing some vulnerable VMs that can be used for pentesting at home. There are also several vulnerable Web Applications available, that can be used for pentesting. I've found a really great overview of vulnerable Web Applications.

I will use for local testing now Damn vulnerable Web Application (DVWA)

Here is a short description about DVWA copied from the DVWA website:
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
So the only thing you will need, after downloading DVWA is Apache/PHP/MySQL environment. This      can be easily realized with XAMPP, as it is a full package containing Apache Webserver with PHP and a MySQL Database and is available for a lot of plattforms (Mac OS X/ Windows / Linux / Solaris).

Hopefully I will have some time to execute a pentest against DVWA and to post some findings about it :-)


No comments:

Post a Comment