Setting Up DVWA (Damn Vulnerable Web Application) on Localhost (Windows 11)
DVWA (Damn Vulnerable Web Application) is a popular and invaluable tool for security professionals and aspiring ethical hackers. It provides a safe environment to learn and practice web application security vulnerabilities. This article will guide you through setting up DVWA on your Windows 11 machine for local development.
Problem: Many beginners struggle to configure DVWA on their local machines due to missing dependencies and unclear instructions.
Solution: This article provides a step-by-step guide to setting up DVWA on Windows 11, clarifying each step and addressing potential issues.
Prerequisites
Before we start, make sure you have the following installed:
- XAMPP: A popular Apache distribution for Windows. Download and install it from https://www.apachefriends.org/.
- PHP: XAMPP already includes PHP. You can verify the version by navigating to C:\xampp\php\php.exe and running it in the command prompt.
- A code editor: You can use any editor you prefer. Popular choices include Visual Studio Code, Notepad++, or Sublime Text.
Setup Steps
- Download DVWA: Download the latest version of DVWA from https://github.com/DVWA/DVWA/releases. Extract the downloaded zip file to your desired location, for example, C:\xampp\htdocs.
- Configure the database:
  - Create a new database: Open the XAMPP control panel and start the MySQL service. Access phpMyAdmin through the link provided.
  - Create a database: Name it 'dvwa' (or any other name you prefer).
  - Import the SQL schema: Open the dvwa/sql folder and import the dvwa.sql file into the newly created database.
- Configure DVWA settings:
  - Open dvwa/config/config.inc.php: Locate the following lines:
      $db_host = 'localhost';
      $db_name = 'dvwa';
      $db_user = 'root';
      $db_pass = '';
  - Update the values: Ensure that the db_host and db_name match your database setup. You might need to change the db_user and db_pass if you have a different username or password for your MySQL account.
- Access DVWA:
  - Start the Apache service: Open the XAMPP control panel and start the Apache service.
  - Open your web browser: Navigate to http://localhost/dvwa (or the directory where you extracted DVWA).
- Login and configure security:
  - Login: Enter the default username and password: admin and password respectively.
  - Security level: On the DVWA dashboard, you can choose from different security levels ranging from low to impossible. Select the level that suits your learning objectives.
Additional Tips
- Security Best Practices: Always remember to use DVWA in a controlled environment and never on a live server.
- Vulnerability Testing: Experiment with different vulnerabilities and observe how each one arises from a weakness in the application.
- Understanding Security Concepts: Utilize DVWA to learn about common security concepts like SQL Injection, Cross-Site Scripting (XSS), and more.
- Documentation: Refer to the official DVWA documentation for detailed information on each vulnerability and how to exploit them: https://www.dvwa.co.uk/.
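To back the "controlled environment" tip with a concrete check, the following added example (not part of the original article or the DVWA project) scans Apache and MySQL configuration text for listeners that reach beyond loopback. The function names and sample configs are constructed for illustration; the check ignores my.ini section headers and skip-networking.

```python
import ipaddress
import re

def is_loopback(host):
    """True for a loopback IP literal (127.0.0.0/8, ::1) or the name localhost."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def exposed_apache_listens(httpd_conf):
    """Return the active Listen directives that bind beyond loopback."""
    exposed = []
    for raw in httpd_conf.splitlines():
        line = raw.strip()
        m = re.match(r"listen\s+(\S+)", line, re.I)  # skips '#Listen' and ListenBacklog
        if not m:
            continue
        # 'Listen 80' has no address part, so Apache binds every interface.
        host = m.group(1).rpartition(":")[0]
        if not host or not is_loopback(host):
            exposed.append(line)
    return exposed

def mysql_bind_exposed(my_ini):
    """True unless the last active bind-address is loopback (none set = all interfaces)."""
    bind = None
    for raw in my_ini.splitlines():
        m = re.match(r'\s*bind[-_]address\s*=\s*"?([^"\s#]+)', raw, re.I)
        if m:
            bind = m.group(1)
    return bind is None or not is_loopback(bind)

# Constructed sample configs (not copied from any real install).
OPEN_HTTPD = "#Listen 12.34.56.78:80\nListen 80\nListenBacklog 511\n"
LAB_HTTPD = "Listen 127.0.0.1:80\nListen [::1]:80\n"
OPEN_MY_INI = '[mysqld]\nport=3306\n# bind-address="127.0.0.1"\n'
LAB_MY_INI = '[mysqld]\nport=3306\nbind-address="127.0.0.1"\n'

if __name__ == "__main__":
    for name, conf in (("open", OPEN_HTTPD), ("lab", LAB_HTTPD)):
        print(name, "httpd.conf exposed Listen lines:", exposed_apache_listens(conf))
    for name, ini in (("open", OPEN_MY_INI), ("lab", LAB_MY_INI)):
        print(name, "my.ini exposed:", mysql_bind_exposed(ini))
```

To audit a real install, read the files into strings and pass them to the two functions; on a default XAMPP layout these are assumed to be C:\xampp\apache\conf\httpd.conf and C:\xampp\mysql\bin\my.ini.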
Conclusion
By following this comprehensive guide, you have successfully set up DVWA on your Windows 11 machine. Now you can explore the world of web application security vulnerabilities in a safe and controlled environment. Remember to practice ethically, learn from your experiences, and contribute to a more secure web.