Damn Vulnerable Web App (DVWA) v1.0.5 has been officially released today at 18:30 GMT on the 03/09/2009 after 3 months of work.
What's new?
Complete re-code.
Complete re-design.
CSRF vulnerability.
Stored XSS vulnerability.
Full Path Disclosure vulnerability.
Login page.
Sessions.
Many bug fixes.
PHPIDS implementation.
+ much more
Big thanks to the DVWA team!
Want to try the new version of dvwa before it has been released?
The new version of dvwa is a complete code re-write and partial re-design with more vulnerabilities for you to exploit.
If you download it, don't forget to leave us some feedback!
svn co https://dvwa.svn.sourceforge.net/svnroot/dvwa dvwa
After a month of coding Damn Vulnerable Web App (dvwa) v1.0.4 is ready for download.
dvwa v1.0.4 has many changes from the 1.0.3 version, mostly bug fixes and design improvements.
1.0.4 Change log:
Added acunetix scan report. 24/06/2009
All links use http://hiderefer.com to hide referrer header. 23/06/2009
Updated/added ‘more info’ links. 23/06/2009
Moved change log info to CHANGELOG.txt. 22/06/2009
Fixed the exec.php UTF-8 output. 16/06/2009
Moved Help/View source buttons to footer. 12/06/2009
Fixed phpInfo bug. 12/06/2009
Made dvwa IE friendly. 11/06/2009
Fixed html bugs. 11/06/2009
Added more info to about page. 03/06/2009
Added pictures for the users. 03/06/2009
Fixed typos on the welcome page. 03/06/2009
Improved README.txt and fixed typos. 03/06/2009
Made SQL injection possible in sqli_med.php. Thanks to Teodor Lupan. 03/06/2009
That’s right, YOU!
Damn Vulnerable Web App is an open source project and in order for it to be successful we need your contributions. So far dvwa has been solely developed by me with some help from a couple of friends; I myself cannot make the project as successful as it can be.
We need contributions of any kind: suggestions, design, marketing, coding, etc.
What benefits are there to contributing to an open source project? Lots! It enables you to enhance your skills/knowledge, it looks good on your CV, it gets your name/website around, it shows future employers that you're dedicated to enhancing the security industry and much more…
Changed XAMPP link in index.php. 25/05/2009
Set default security to low. 25/05/2009
Improved output in setup.php. 25/05/2009
Version v.1.0.2
Removed phpinfo on higher security levels. 24/05/2009
Moved all vulnerable code to /source/. 24/05/2009
Added viewsource. 24/05/2009
Implemented different security levels. 24/05/2009
Changed XSS from POST to GET. 22/05/2009
Some changes to CSS. 22/05/2009
Version number now in variable in header.php. 21/05/2009
Added about page. 21/05/2009
Updated login script to use database. 21/05/2009
Added admin user to database. 21/05/2009
Combined RFI + LFI to make 'File Inclusion'. 21/05/2009
More realism to Local File Inclusion. 21/05/2009
Better error output on upload script. 21/05/2009
I've been working on version 1.0.1 non-stop since the release of version 1. Version 1.0.1 has more realism and even has "security levels" which you can change from low, medium to high. Low = no security, Medium = some security, High = Unhackable (hopefully).
I will release version 1.0.1 as soon as I can iron out a couple of bugs which have cropped up. I will try and figure out this svn thingy ma bob so I can get you people involved in the project.
Check out the new and improved version of Damn Vulnerable Web App!