Damn Vulnerable Web App (DVWA)


Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.


Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. Used to learn or teach the art of web application security.

New updated version is available with new features 
  • The vulnerability help page has been improved.
  • We now display the logged on username along with the vulnerability level and php-ids status.
  • Blind SQL injection has been implemented.
  • We now have official documentation.
  • You can now compare all vulnerable source code in one page with the ‘view all’ button.
  • The whole theme has been redesigned, including a new great looking logo.
  • Many bug fixes and small changes throughout the application.
Damn Vulnerable Web App Web Site

Download -
DVWA is available either as a package that will run on your own web server or as a Live CD
DVWA v1.0.7 (latest) - (1.3MB) Download
DVWA v1.0.7 LiveCD - (480MB) Download

The documentation for DVWA can be downloaded by following this link.

DVWA is available either as a package that will run on your own web server or as a Live CD

For Installation of DVWA , We need to Install Web Server like XAMPP.
Procedure for installing XAMPP Web server is mentioned in my previous post
How to make your own Webserver- Host Webpages on your own computer

After Installation of XAMPP server.Copy DVWA Directory to xamp installation folder.

E.g. C:\xampp\htdocs or E:\ xampp\htdocs
& then start xampp services.
Then browse the dvwa site
by http:\\localhost\dvwa or http:\\127.0.0.1\dvwa



Default user id - admin
Password - password
& your DVWA application is ready for Testing

For More Information & vidoes on DVWA
http://www.dvwa.co.uk/
Tutorgig.info
www.perspectiverisk.com