www.dvwa.co.uk
ryan@bedroom:~$ whoami
  Ryan Dewhurst (ethicalhack3r)
  Northumbria University
  BSc (hons) Ethical Hacking for Computer Security
  http://www.ethicalhack3r.co.uk/
  RandomStorm
DVWA?!
  Vulnerable web application
  PHP/MySQL/JavaScript
  OPEN SOURCE! =)
  Teach/Learn web application security
Timeline
  BETA - (17 Dec 2008)
  1.0 - (20 May 2009)
  1.0.4 - (29 Jun 2009)
  1.0.5 - (03 Sep 2009)
  1.0.6 - (05 Oct 2009)
  RandomStorm - (14 Dec 2009)
  1.0.7 - (under development)
DVWA BETA
DEMO (oh noes!)
What's new in v1.0.7?
  PostgreSQL support - 50%
  New design/colour scheme - 0%
  Blind SQL injection - 99%
  Compare source - 99%
  Improved Help information - 99%
  Minor improvements - 99%
  Minor bug fixes - 99%
  DOCUMENTATION!!! - 20%
Download
  DVWA: http://www.dvwa.co.uk/
  DVWA LiveCD: http://www.dvwa.co.uk/blog
  SamuraiWTF 0.8 (LiveDVD): http://samurai.inguardians.com/
  Web Security Dojo (VM): http://www.mavensecurity.com/dojo.php
  OWASP Broken Web Application Project (VM): http://code.google.com/p/owaspbwa/
Alternatives
  OWASP WebGoat
  HacmeBank Series
  IronGeek Mutillidae
  OWASP Vicnum
Thanks to the contributors! (No particular order)
  Craig Bryson: www.youreadmyblog.info
  Jamesr: www.creativenucleus.com
  Ryan Dewhurst: www.ethicalhack3r.co.uk
  Tedi Heriyanto: http://tedi.heriyanto.net
  Tom Mackenzie: www.tmacuk.co.uk
  RandomStorm: www.randomstorm.com
  Jason Jones: www.linux-ninja.com
  Duncan Alderson: www.webantix.net
Contribute
  Home page: http://www.dvwa.co.uk/
  SourceForge: http://sourceforge.net/projects/dvwa/
  SVN: https://dvwa.svn.sourceforge.net/svnroot/dvwa
QUESTIONS