Setting up DAMN Vulnerable Web Application (DVWA) ENVIRONMENT Using KALI
As the name recommends DVWA has many web vulnerabilities. Each powerlessness has four distinctive security levels, low, medium, high and outlandish. The security levels give a test to the ‘assailant’ and furthermore indicates how every defenselessness can be counter estimated by secure coding.
Security level.
Inconceivable: In this level, you will face difficulties like CTF and it is more enthusiastically than the other level. This level gives troubles which we face in reality.
High: This powerlessness level gives the client a case of how to verify the defenselessness by means of secure coding techniques. It gives the client a chance to see how the weakness can be counter estimated. This degree of security ought to be un-hackable anyway as we as a whole realize this isn’t generally the situation. So on the off chance that you figure out how to sidestep it, that you are doing well.
Medium: This security level’s motivation is to give the ‘assailant’ a test in misuse and furthermore fill in for instance of awful coding/security rehearses.
Low: This security level is intended to reproduce a site with no security at all executed in their coding. It gives the ‘aggressor’ the opportunity to refine their abuse abilities.
The Advantages and Disadvantages of DVWA are stated below.
Advantages:
Faster than web browsers due to web content not always loading in all browsers and multiple tabs loading,
Better performance due to more than 20% less page-loads,
Better security due to server SSL encryption (SSL) and 256-bit AES encryption,
Better accessibility due to not having to write code for browsers,
Better security as they can use native client-side JavaScript and do not have to make JavaScript plugins or run as root to access files.
Disadvantages:
Insecure. DVWA is vulnerable to the Web Application Exploits (WX) and Exploit Kits (ETK) of the world. Since every website is vulnerable to WX or ETK, a developer working in a DVWA application cannot ensure that all security measures are in place, and this could result in the Web application being bypassed or in some unusual way of running.
2.Disadvantages caused by the user’s interaction with the application in its default state. It is hard to say what security risks arise from user-friendly applications in a traditional Internet environment. However, web applications are also susceptible to unexpected conditions, especially in the case of large websites. And for this reason, one should carefully test the security aspects of such applications beforehand
3. Disadvantages caused by the use of the Web Browser. Web browsers are in itself inherently insecure in the sense that you are compromising their security. So it is always a good idea to minimize the amount of user interaction when accessing the application with this type of application.
Security levels:
• Unthinkable: In this level, you will face difficulties like CTF and it is more enthusiastically than the other level. This level gives challenges which we face in reality.
• High: This defenselessness level gives the client a case of how to verify the helplessness through secure coding strategies. It gives the client a chance to see how the weakness can be counter estimated. This degree of security ought to be un-hackable anyway as we as a whole realize this isn’t generally the situation. So, on the off chance that you figure out how to sidestep it, that you are doing well.
• Medium: This security level’s motivation is to give the ‘attacker’ a test in misuse and furthermore fill in for instance of awful coding/security rehearses.
• Low: This security level is intended to recreate a site with no security at all executed in their coding. It gives the ‘attacker’ the opportunity to refine their misuse abilities.
Power on the KaliXFCE Linux, configure language and other settings, also user and root password.
Configure NAT
After Configuration done user will get a start GUI window of KaliXFCE Linux type user name and password.
KALI XFCE LINUX APPLICATION and Configure NAT.
Create another Virtual Machine
Create another Virtual Machine
VM name as DVWA Linux
Go to settings > Network > right click and open Bridged Adapter.
Start DVWA Linux.
Live the DVWA Linux machine.
To displays the computer’s currently assigned IP, subnet mask and default gateway addresses use command.
USER : “$ ifconfig
Open browser in KALI XFCE Linux machine and type the IP 192.168.0.19.
which displaced in DVWA Linux.
Note: This connection is not secure
Create Database SQL INJECTION
Upload Database which will setup the following
DataBase
Create Users table
Data insert
Guestbook
Data inserted into Guestbook
DVWA Linux-Network Settings
Network > Attached To:- NAT Network > Name:- NATNETWORK > Advance > promiscuous Mode:- Allow VMS
Also Follow the same in KALA XFCE NAT Settings and allow permission VMS.
After changings NAT Settings Power off and on the machines to save the changes.
Use the if config command in DVWA Linux to find IP address.
IP Address is 192.168.0.19
Enter the same IP address in Elementary Linux browser
After entering IP address in browser user will find
IP 192.168.0.19
Advantages
MBVT can address both specialized and intelligent vulnerabilities
It is easy to Use.
It is easy to setup in your local environment and totally lawful.
DVWA you don’t need to take authorization from other. You can essentially introduce this in a virtual domain and start utilizing it.
Disadvantages
Needed effort to design models, test patterns and adapter
Hacker will exploit it
Setting up a Damn Vulnerable Web App (DVWA)
Name: Praveen Kumar Gudipudi
Institution: University of the Cumberlands
Date: 03/25/20
Setting up a Damn Vulnerable Web App (DVWA)
Damn Vulnerable Web Application (DVWA) is the MySQL application that is essentially vulnerable.
This application is mainly used by security professionals to test their tools and skills in a legal environment.
This will, in turn, help them to understand processes that are involved in securing the web applications.
Setting up a Damn Vulnerable Web App (DVWA)
The installation of this application starts by setting up a virtual environment, which in my case, I used a Kali Linux.
The installation of Kali Linux involves the creation of accounts with root user MySQL account.
Setting up a Damn Vulnerable Web App (DVWA)
The next step is to set up database ‘dvwadb’ which is identified by a unique password
After installation of the DVWA, the next step is to configure the DVWA, which is used to make the application more secure.
Setting up a Damn Vulnerable Web App (DVWA)
Once the configuration has been completed, the remaining task is to open the application which is now ready for use.
References
Kimjan, S. (2018). How to Install DVWA Into Your Linux Distribution; Medium. Retrieved from: https://medium.com/datadriveninvestor/setup-install-dvwa-into-your-linux-distribution-d76dc3b80357