Introduction to DVWA
Damn Vulnerable Web Application (DVWA) is one of the most widely used platforms for learning and practicing web application security testing. As the name suggests, it is a deliberately vulnerable web application designed to help cybersecurity enthusiasts, students, and professionals understand common web vulnerabilities in a safe and controlled environment.
DVWA includes several intentionally insecure features that allow users to explore and test different penetration testing techniques such as SQL Injection, Command Injection, Cross-Site Scripting (XSS), File Inclusion, and more. It serves as an excellent hands-on lab for improving offensive security skills while also helping defenders understand how attacks work in real-world scenarios.
In this guide, we will walk through the complete step-by-step process of installing and configuring DVWA on a Windows system using XAMPP, allowing you to build your own local web security testing environment.
Prerequisites
Before starting the installation, ensure you have the following:
- A Windows system
- Stable internet connection
- Administrative privileges on the machine
- Basic understanding of web applications and local servers
Step 1: Download XAMPP
The first step is to install XAMPP, which provides a local web server environment required to run DVWA.
XAMPP includes:
- Apache Web Server
- MySQL/MariaDB Database
- PHP Support
- phpMyAdmin
Visit the official XAMPP website and download the version compatible with your Windows operating system.

After downloading the installer, proceed to the installation phase.
Step 2: Install XAMPP
Once the download is complete:
- Double-click the XAMPP installer.
- Accept the installation prompts and default settings.
- Complete the installation process.

After installation:
- Launch the XAMPP Control Panel.
- Start the following services:
  - Apache
  - MySQL

These services are required for DVWA to function properly.
When both services show a green status, your local web server environment is ready.
Step 3: Download DVWA
Next, download the DVWA application files.
Open your browser and visit the official DVWA GitHub repository:
Click on:
Code → Download ZIP

This will download the DVWA package as a compressed ZIP archive.
Step 4: Install DVWA
After downloading the ZIP file:
- Copy the DVWA ZIP file.
- Navigate to your XAMPP installation directory:
C:\xampp\htdocs\
- Extract and paste the ZIP file contents inside the htdocs directory.

After extraction, you should see the DVWA folder and its application files inside the htdocs directory.
Your installation path should look similar to:
C:\xampp\htdocs\
At this stage, DVWA is installed locally on your system.
Step 5: Verify the DVWA Installation
To confirm that DVWA is working correctly:
- Open your web browser.
- Navigate to:
http://localhost/ or http://ip-address/

If the setup is successful, the DVWA login or setup page should appear.
You can then configure the database and log in to the application.
Change the Security Level from Impossible to Low:
- Click DVWA Security in the left menu
- Select Low from the dropdown
- Click Submit

To test one of the vulnerable modules, navigate to the Command Injection section and execute a simple command such as:
127.0.0.1 | whoami
If DVWA returns the system username, the application is functioning correctly.

This confirms that:
- Apache is working
- PHP is functioning correctly
- MySQL connectivity is operational
- DVWA is successfully installed
Conclusion
Setting up DVWA on Windows is an excellent way to create a local cybersecurity lab for learning web application security testing. By using XAMPP, users can easily deploy a fully functional web server environment without requiring advanced Linux administration skills.
DVWA provides a safe platform to practice and understand common web vulnerabilities, making it ideal for students, penetration testers, SOC analysts, and cybersecurity enthusiasts.
Always use DVWA ethically and responsibly in isolated lab environments. The knowledge gained from these exercises should be used to strengthen security defenses and improve overall cybersecurity awareness.
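One way to check that isolation on the XAMPP host, as an added PowerShell example that is not part of the original guide. It reports whether the Apache and MySQL listeners accept connections from other machines. The port list (80, 443, 3306) and the function name Get-LabListenerExposure are assumptions made for this example.

```powershell
# Added example: report which XAMPP listeners are reachable from other hosts.
# Assumption: Apache listens on 80/443 and MySQL/MariaDB on 3306.
# Adjust $Ports if you changed them during setup.
$Ports    = 80, 443, 3306
$Loopback = '127.0.0.1', '::1'

function Get-LabListenerExposure {
    param([int[]]$Port = $Ports)

    # Listening TCP sockets on the lab ports; finding none is not an error.
    $listeners = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue

    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port         = $l.LocalPort
            LocalAddress = $l.LocalAddress
            Process      = if ($proc) { $proc.ProcessName } else { "pid $($l.OwningProcess)" }
            # 0.0.0.0, :: or a LAN address means other machines can connect.
            Exposed      = $l.LocalAddress -notin $Loopback
        }
    }
}

$report = @(Get-LabListenerExposure | Sort-Object Port, LocalAddress)
$report | Format-Table -AutoSize

if (-not $report) {
    Write-Warning 'No listeners found on the lab ports. Are Apache and MySQL started?'
} elseif ($report.Exposed -contains $true) {
    Write-Warning 'At least one lab service accepts connections from the network.'
    # Loopback-only bindings: Apache "Listen" directive, MySQL "bind-address" option.
    Write-Host 'Apache: set "Listen 127.0.0.1:80" in httpd.conf.'
    Write-Host 'MySQL:  set "bind-address=127.0.0.1" under [mysqld] in my.ini.'
    Write-Host 'Restart both services from the XAMPP Control Panel, then run this check again.'
} else {
    Write-Host 'All lab services are bound to loopback only.'
}
```

With loopback-only bindings DVWA stays reachable at http://localhost/ but no longer at the machine's network address.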

