DVWA Lab Overview

What is DVWA?

DVWA (Damn Vulnerable Web Application) is a PHP/MySQL web application that is intentionally vulnerable. It provides a safe environment for security professionals, students, and developers to learn about web application security through hands-on practice.

What You Will Learn

Common web application vulnerabilities (OWASP Top 10)
How to identify and exploit security flaws
How to detect and prevent attacks
Practical penetration testing techniques
Understanding of secure coding practices

Prerequisites

Tools Required

Web Browser - Chrome or Firefox (with developer tools)
Burp Suite (Optional) - For advanced testing and request manipulation
Command Line Tools (Optional) - curl, wget for testing

Knowledge Required

Basic understanding of web applications (HTML, HTTP)
Familiarity with browser developer tools
Basic knowledge of SQL (for SQL injection scenarios)
Understanding of JavaScript (for XSS scenarios)

Launch the Lab

Open DVWA in CSN Labs →

Scenarios

Beginner

Intermediate

Advanced

File Upload

Suggested Learning Order

Start with SQL Injection to understand basic injection concepts and how databases interact with web applications
Move to Reflected XSS to learn about client-side vulnerabilities and how malicious scripts can be executed
Progress to Stored XSS to understand persistent attacks
Explore Authentication Bypass to learn about session management and access control
Challenge yourself with File Upload vulnerabilities

Safety & Ethics Note

Important: These labs are for educational purposes only. Only use these techniques in authorized environments. Unauthorized access to computer systems is illegal and unethical. Always obtain proper authorization before testing any system.

Common Pitfalls

Skipping the Basics: Don't jump to advanced scenarios without understanding the fundamentals. Each scenario builds on previous concepts.
Not Reading Error Messages: Error messages often provide valuable clues about the application's behavior and vulnerabilities.
Ignoring Defender Notes: Understanding how to detect and prevent attacks is just as important as learning how to exploit them.
Not Documenting Your Work: Take screenshots and notes as you go. This helps reinforce learning and serves as evidence of your progress.

What is DVWA?​

What You Will Learn​

Prerequisites​

Tools Required​

Knowledge Required​

Launch the Lab​

Scenarios​

Beginner​

Intermediate​

Advanced​

Suggested Learning Order​

Safety & Ethics Note​

Common Pitfalls​