Uploaded byKRASHCHAUHAN2
PPTX, PDF294 views

dvwa.pptx

This document discusses the Damn Vulnerable Web Application (DVWA) project, which allows users to practice penetration testing techniques on a web application in a safe legal environment. DVWA has different security levels that change the difficulty of exploiting vulnerabilities. It is a PHP/MySQL web application that can be installed on systems with a web server, MySQL, and PHP. DVWA contains various exploitable vulnerabilities like SQL injection, file upload, and cross-site scripting that can be practiced manually or with automated scanning tools.

Embed presentation

Download to read offline
DVWA EXPLOITATION AND PREVENTATION Presented by SHIVAM PANCHAL & KRASH CHAUHAN
The idea behind this project is to try Penetration Testing techniques on a web-application in a total legal environment. Among the different possibilities that are available over the Internet, I’ve chosen the Damn Vulnerable Web Application (DVWA) project. OVERVIEW
IDEOLOGY • Security Testing - Security Testing is the activity of assessing a system for the presence of security weaknesses. • Vulnerability Assessment - identify security vulnerabilities and improves by placing the findings into the tested environment • Penetration Testing - Involves simulating real attacks to assess the risk associated with potential security vulnerabilities.
AIM The aim of DVWA is to practice with some of the web vulnerabilities, with various difficultly levels interacting with a simple straightforward interface. There are four different security levels that can be set in order to change the difficulty of the research and exploit of security breaches: • Low • MEDIUM • HIGH • IMPOSSIBLE
ABOUT - DVWA DVWA is a PHP/MySQL web application that could be installed in every Operating System on which are installed a Web Server, Mysql and PHP. The application has been designed and developed to have various kind of exploitable vulnerabilities (more or less easy to find).
The vulnerabilities that could be practiced with both manual exploitation and automated scanning tools on DVWA are: 1. Brute Force 2. Command Injection 3. Cross Site Request 4. File Inclusion 5. File Upload 6. Insecure CAPTCHA 7. Sql Injection 8. Blind Sql Injection 9. Reflected Scripting 10. Cross Site Scripting TECHNOLOGIES
TOOLS OVERVIEW • Burp Suite • Hydra • Mysql • Jtr – Jony The Ripper • Wireshark • Nmap

More Related Content

PPTX
DVWA(Damn Vulnerabilities Web Application)
bySoham Kansodaria
 
PPTX
Injection flaws
byDANISH INAMDAR
 
PPTX
Web API authentication and authorization
byChalermpon Areepong
 
PPTX
Client server chat application
byPiyush Rawat
 
PDF
Sql injection with sqlmap
byHerman Duarte
 
PPTX
John the ripper & hydra password cracking tool
byMd. Raquibul Hoque
 
PPTX
Web application security
byKapil Sharma
 
PPTX
Sql injection in cybersecurity
bySanad Bhowmik
 
DVWA(Damn Vulnerabilities Web Application)
bySoham Kansodaria
 
Injection flaws
byDANISH INAMDAR
 
Web API authentication and authorization
byChalermpon Areepong
 
Client server chat application
byPiyush Rawat
 
Sql injection with sqlmap
byHerman Duarte
 
John the ripper & hydra password cracking tool
byMd. Raquibul Hoque
 
Web application security
byKapil Sharma
 
Sql injection in cybersecurity
bySanad Bhowmik
 

What's hot

PDF
Introduction to aneka cloud
byssuser84183f
 
PPTX
Wireless Penetration Testing
byMohammed Adam
 
PPTX
Protocole ARP/RARP
byHayder Gallas
 
PPTX
Proxy Presentation
byprimeteacher32
 
PDF
Ceh V5 Module 07 Sniffers
byMina Fawzy
 
PPT
RESTful services
bygouthamrv
 
PPTX
seminar report on Sql injection
byJawhar Ali
 
PPT
Wireless security presentation
byMuhammad Zia
 
PPTX
REST API Design & Development
byAshok Pundit
 
PPT
Source Code Analysis with SAST
byBlueinfy Solutions
 
PPT
2 secure systems design
bydrewz lin
 
PPT
JDBC – Java Database Connectivity
byInformation Technology
 
PPSX
WPA2
byMshari Alabdulkarim
 
PPTX
AAA Implementation
byAhmad El Tawil
 
PPTX
Introduction to REST - API
byChetan Gadodia
 
PPTX
Node js
byFatih Şimşek
 
PPTX
Remote Method Innovation (RMI) In JAVA
byPrankit Mishra
 
PPTX
REST & RESTful Web Services
byHalil Burak Cetinkaya
 
PPTX
Intro to WebSockets
byGaurav Oberoi
 
ODP
Apache ppt
bypoornima sugumaran
 
Introduction to aneka cloud
byssuser84183f
 
Wireless Penetration Testing
byMohammed Adam
 
Protocole ARP/RARP
byHayder Gallas
 
Proxy Presentation
byprimeteacher32
 
Ceh V5 Module 07 Sniffers
byMina Fawzy
 
RESTful services
bygouthamrv
 
seminar report on Sql injection
byJawhar Ali
 
Wireless security presentation
byMuhammad Zia
 
REST API Design & Development
byAshok Pundit
 
Source Code Analysis with SAST
byBlueinfy Solutions
 
2 secure systems design
bydrewz lin
 
JDBC – Java Database Connectivity
byInformation Technology
 
WPA2
byMshari Alabdulkarim
 
AAA Implementation
byAhmad El Tawil
 
Introduction to REST - API
byChetan Gadodia
 
Node js
byFatih Şimşek
 
Remote Method Innovation (RMI) In JAVA
byPrankit Mishra
 
REST & RESTful Web Services
byHalil Burak Cetinkaya
 
Intro to WebSockets
byGaurav Oberoi
 
Apache ppt
bypoornima sugumaran
 

Similar to dvwa.pptx

PPTX
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
PPTX
Web application Security tools
byNico Penaredondo
 
PPTX
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
byBoston Institute of Analytics
 
PDF
Sample network vulnerability analysis proposal
byDavid Sweigert
 
PPTX
VAPT_FINAL SLIDES.pptx
bykarthikvcyber
 
PDF
"><h1>muthu</h1>
bymuthu muthu
 
PDF
Web Application Vulnerabilities
byPamela Wright
 
PDF
Introduction to Website Pentesting.pptx.pdf
byapurvar399
 
PPTX
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
byNurul Haszeli Ahmad
 
PPTX
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-...
byRana Khalil
 
PDF
Nt2580 Unit 7 Chapter 12
byLaura Arrigo
 
PDF
A Comparative Study between Vulnerability Assessment and Penetration Testing
byYogeshIJTSRD
 
PPTX
InOffensive Security_cybersecurity2.pptx
bywihib17507
 
DOCX
DVWASetting up DAMN VULNERABLE WEB APPLICATIONSDam.docx
bybrownliecarmella
 
PDF
Detection Of Intrusions And Malware And Vulnerability Assessment 7th Internat...
byaimimnaij
 
DOCX
Backtrack manual Part1
byNutan Kumar Panda
 
PDF
Central Ohio InfoSec Summit: Why Script Kiddies Succeed
byThreatReel Podcast
 
PPTX
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-b...
byRana Khalil
 
PPTX
VAPT.pptx
byMohammedYaseen638128
 
PPT
NH Bankers 10 08 07 Kamens
bykamensm02
 
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
Web application Security tools
byNico Penaredondo
 
Identifying and Eradicating Web Application Vulnerabilities : Cyber Security ...
byBoston Institute of Analytics
 
Sample network vulnerability analysis proposal
byDavid Sweigert
 
VAPT_FINAL SLIDES.pptx
bykarthikvcyber
 
"><h1>muthu</h1>
bymuthu muthu
 
Web Application Vulnerabilities
byPamela Wright
 
Introduction to Website Pentesting.pptx.pdf
byapurvar399
 
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
byNurul Haszeli Ahmad
 
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-...
byRana Khalil
 
Nt2580 Unit 7 Chapter 12
byLaura Arrigo
 
A Comparative Study between Vulnerability Assessment and Penetration Testing
byYogeshIJTSRD
 
InOffensive Security_cybersecurity2.pptx
bywihib17507
 
DVWASetting up DAMN VULNERABLE WEB APPLICATIONSDam.docx
bybrownliecarmella
 
Detection Of Intrusions And Malware And Vulnerability Assessment 7th Internat...
byaimimnaij
 
Backtrack manual Part1
byNutan Kumar Panda
 
Central Ohio InfoSec Summit: Why Script Kiddies Succeed
byThreatReel Podcast
 
Why Johnny Still Can’t Pentest: A Comparative Analysis of Open-source Black-b...
byRana Khalil
 
VAPT.pptx
byMohammedYaseen638128
 
NH Bankers 10 08 07 Kamens
bykamensm02
 

Recently uploaded

PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PPTX
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
PDF
AI Technology important knowledge ......
byutkarshj2007
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
Combining Induction and Transduction for Abstract Reasoning.pptx
byallen578468
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
The year in review - MarvelClient in 2025
bypanagenda
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Greetings All Students Update 3 by Mia Corp
by©LDMMIA, ©Reiki Yoga
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
AI Technology important knowledge ......
byutkarshj2007
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 

dvwa.pptx

  • 1.
    DVWA EXPLOITATION AND PREVENTATION Presentedby SHIVAM PANCHAL & KRASH CHAUHAN
  • 2.
    The idea behindthis project is to try Penetration Testing techniques on a web-application in a total legal environment. Among the different possibilities that are available over the Internet, I’ve chosen the Damn Vulnerable Web Application (DVWA) project. OVERVIEW
  • 3.
    IDEOLOGY • Security Testing- Security Testing is the activity of assessing a system for the presence of security weaknesses. • Vulnerability Assessment - identify security vulnerabilities and improves by placing the findings into the tested environment • Penetration Testing - Involves simulating real attacks to assess the risk associated with potential security vulnerabilities.
  • 4.
    AIM The aim ofDVWA is to practice with some of the web vulnerabilities, with various difficultly levels interacting with a simple straightforward interface. There are four different security levels that can be set in order to change the difficulty of the research and exploit of security breaches: • Low • MEDIUM • HIGH • IMPOSSIBLE
  • 5.
    ABOUT - DVWA DVWAis a PHP/MySQL web application that could be installed in every Operating System on which are installed a Web Server, Mysql and PHP. The application has been designed and developed to have various kind of exploitable vulnerabilities (more or less easy to find).
  • 6.
    The vulnerabilities thatcould be practiced with both manual exploitation and automated scanning tools on DVWA are: 1. Brute Force 2. Command Injection 3. Cross Site Request 4. File Inclusion 5. File Upload 6. Insecure CAPTCHA 7. Sql Injection 8. Blind Sql Injection 9. Reflected Scripting 10. Cross Site Scripting TECHNOLOGIES
  • 7.
    TOOLS OVERVIEW • BurpSuite • Hydra • Mysql • Jtr – Jony The Ripper • Wireshark • Nmap