Hi guys,
I am back with the free browser-based cloud labs for DVWA and bWAPP.
Pentester Academy labs are entirely browser-based and private, and include access to a terminal/GUI-based Kali, Ubuntu or other operating system, with the necessary tools and scripts pre-installed. You will not need any other software to get started.
DVWA
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the processes of securing web applications, and to aid both students and teachers in learning about web application security in a controlled classroom environment.
The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. It is licensed under GPLv3.
You can download DVWA locally and install it on a virtual machine. Pentester Academy is providing an online version to save you the time and pain of having to do that.
A sample set of vulnerabilities includes:
- Cross-Site Scripting (DOM/Reflected/Stored)
- Command Injection
- CSRF
- Brute Force
- Weak Session IDs
- SQL Injection (Blind)
- File Inclusion/Upload
- Insecure CAPTCHA
The following username and password may be used to explore the application:
- User: admin Password: password
Sign in Link: https://attackdefense.pentesteracademy.com/
Lab Link: https://attackdefense.pentesteracademy.com/challengedetails?cid=34
bWAPP
bWAPP, or a buggy web application, is a free and open-source deliberately insecure web application.
It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.
bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP.
Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP.
What makes bWAPP so unique? Well, it has over 100 web vulnerabilities!
It covers all major known web bugs, including all risks from the OWASP Top 10 project.
You can download bWAPP locally and install it on a virtual machine. Pentester Academy is providing an online version to save you the time and pain of having to do that.
A sample set of vulnerabilities includes:
- Arbitrary File Access
- SQL Injection
- Code Injection
- Cross-Site Scripting
- Cross-Site Request Forgery
- Heartbleed
- Shellshock
and many more.
The following username and password may be used to explore the application:
Sign in Link: https://attackdefense.pentesteracademy.com/
Lab Link: https://attackdefense.pentesteracademy.com/challengedetails?cid=33
Thank you guys for reading this post!!
If you like this post, don’t forget to give me 🤍
Resources: pentesteracademy.com / attackdefense.pentesteracademy.com
Support me: If you would like to support me, buy me a cup of coffee ☕
Follow me: @0xKayala | Satya Prakash