“There is no delight in owning anything unshared.”

LAB Testing with DVWA – [Installation]

DVWA is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to give web developers a better understanding of securing web applications, and to provide a web application learning environment for newbies.

WARNING!! – from DVWA: Users are not supposed to, and are not encouraged to, upload it to a hosting provider’s public html folder or any working web server, as it will be hacked!!

Step 1: [Installation] Guide from DVWA:

http://www.youtube.com/watch?v=GzIj07jt8rM

Default username = admin

Default password = password

  • Installation of DVWA can be done by installing ‘XAMPP’ if you do not have a web server setup.
  • XAMPP is a very easy to install Apache Distribution for Linux, Solaris, Windows and Mac OS X. The package includes the Apache web server, MySQL, PHP, Perl, a FTP server and phpMyAdmin.
  • XAMPP can be downloaded from: http://www.apachefriends.org/en/xampp.html
  • Simply unzip dvwa.zip, place the unzipped files in your public html folder, then point your browser to http://127.0.0.1/dvwa/index.php

Step 2: [Setup Database]

Click on the Setup button in the main menu, then click on the ‘Create / Reset Database’ button. This will create / reset the database for you with some data in it.

Database Setup DVWA

‘After installation, DVWA is successfully hosted and running on a MySQL backend database’

If you get an error while trying to create your database, make sure your database credentials are correct within /config/config.inc.php
