[WEB SECURITY] Damn Vulnerable Web App

Ryan Dewhurst ryandewhurst at gmail.com
Wed May 27 12:36:01 EDT 2009

Damn Vulnerable Web App

Damn Vulnerable Web App (DVWA) is a web application that is damn
vulnerable. Its main goals are to be lightweight, easy to use and
full of vulnerabilities to exploit. It has been developed for the use
of information security professionals and students to test out their
skillz and/or toolz in a legal environment.


SQL Injection

XSS (Cross Site Scripting)

LFI (Local File Inclusion)

RFI (Remote File Inclusion)

Command Execution

Upload Script

Login Brute Force

And much more…


Damn Vulnerable Web App is damn vulnerable! Do not upload it to your
hosting provider’s public html folder or any working web server as it
will be hacked. I recommend downloading and installing XAMPP onto a
local machine inside your LAN which is used solely for testing.

I do not take responsibility for the way in which anyone uses this
application. I have made the purposes of the application clear and it
should not be used maliciously.

Current version: 1.0.3 Released: 25/05/2009

Download from SourceForge:
