dvwa video presentation at SuperMondays

Posted on 3 July, 2009

Here is the video from my presentation on dvwa at the SuperMondays event in Newcastle Upon Tyne.



I think I must hold the record for the number of “ammm…”s in a 16-minute period! My first public talk, so much room for improvement.

dvwa v1.0.4 released

Posted on 29 June, 2009

After a month of coding, Damn Vulnerable Web App (dvwa) v1.0.4 is ready for download.

dvwa v1.0.4 has many changes from the 1.0.3 version, mostly bug fixes and design improvements.

1.0.4 Change log:

Added acunetix scan report. 24/06/2009
All links use http://hiderefer.com to hide referrer header. 23/06/2009
Updated/added ‘more info’ links. 23/06/2009
Moved change log info to CHANGELOG.txt. 22/06/2009
Fixed the exec.php UTF-8 output. 16/06/2009
Moved Help/View source buttons to footer. 12/06/2009
Fixed phpInfo bug. 12/06/2009
Made dvwa IE friendly. 11/06/2009
Fixed html bugs. 11/06/2009
Added more info to about page. 03/06/2009
Added pictures for the users. 03/06/2009
Fixed typos on the welcome page. 03/06/2009
Improved README.txt and fixed typos. 03/06/2009
Made SQL injection possible in sqli_med.php. Thanks to Teodor Lupan. 03/06/2009

Any suggestions/feedback/contributions welcome!

Download: http://sourceforge.net/projects/dvwa

w3af

Posted on 8 June, 2009

I've just finished coding a WordPress version fingerprinting plugin for w3af, so I thought I'd let you all know what w3af is and how you can contribute too.

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.


Any serious security professional should have w3af in their tool kit; w3af can discover, evade, audit and exploit web application vulnerabilities.

The plugin I developed (wordpress_fingerprint) scans WordPress installations for their version. It first checks that WordPress is installed; if it is, it checks whether the version is in the index header source code and then goes through a list of fingerprinting data. The plugin will find the version even if there is a security plugin installed.

To contribute to w3af:

Mailing list: http://sourceforge.net/mail/?group_id=170274

IRC channel: irc://irc.freenode.net:8001/w3af

Download: http://sourceforge.net/projects/w3af/

A big thanks to Andres Riancho for a great tool and for helping me develop the plugin.

DVWA NEEDS YOU!

Posted on 30 May, 2009

That’s right, YOU!

Damn Vulnerable Web App is an open source project, and in order for it to be successful we need your contributions. So far dvwa has been solely developed by me with some help from a couple of friends; I myself cannot make the project as successful as it can be.

We need contributions of any kind: suggestions, design, marketing, coding, etc.

What benefits are there to contributing to an open source project? Lots! It enables you to enhance your skills/knowledge, it looks good on your CV, it gets your name/website around, it shows future employers that you're dedicated to enhancing the security industry and much more…

What we need:

Make the CSS cross platform.

Improve the current vulnerabilities.

Develop more vulnerabilities.

Improve the design/look/feel.

Design a logo.

Improve the code.

Get the word out.

Feedback.

Suggestions.

How to contribute:

You can contribute by leaving messages on this blog or by emailing dvwa_email. All code/content contributors can have their name/link on the about page in dvwa (if they wish).

Damn Vulnerable Web App installation video

Posted on 25 May, 2009

I decided to make a video on installing and running dvwa. This is my first video, so if I sound nervous it's because I am.

Hope you enjoy it…

Comments welcome, good or bad.

