Damn Vulnerable Web App (DVWA) is a web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. It has been developed for the use of information security professionals and students to test out their skillz and/or toolz in a legal environment.
Damn Vulnerable Web App is damn vulnerable! So don’t upload it to your hosting provider’s public html folder or have it up on any working web site as it will be hacked. I recommend downloading and installing Apache, PHP and MySQL onto a local computer inside your LAN which is used solely for testing.
I do not take responsibility for the way in which any one uses this application. I have made the purposes of the application clear and it should not be used maliciously.
To download DVWA click here.
It’s still in BETA version so I’m open to suggestions and criticism, if you download and use it please leave some feedback good or bad.