Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students teachers to learn about web application security in a controlled class room environment.
一直从事 Web 端的应用开发，对于一些漏洞有所耳闻。终究是纸上得来终觉浅，缺乏实际操作总感觉理解不深刻，因此想利用 DVWA 好好学习实践一下，也记录下自己的理解和学习过程。本次就先从安装环境开始吧XD。
Damn Vulnerable Web Application is damn vulnerable! Do not upload it to your hosting provider's public html folder or any Internet facing servers, as they will be compromised. It is recommended using a virtual machine (such as VirtualBox or VMware), which is set to NAT networking mode.