Introduction
This article specifically discuss on how to install DVWA in Linux Ubuntu 18.04. Most important thing before start installing is to know what DVWA is. Actually, DVWA stands for Damn Vulnerable Web App. It is a PHP/MySQL web application which particularly have lots of vulnerable along with it. Using DVWA, security professionals can use it to test their skills and tools in a legal environment and also help web developers better understand the processes of securing web applications.
Steps of Installation
How can someone use DVAM in order to use it for testing and securing web applications?. First of all, installing it in the system is important. The installation consists of two sections or two parts. The first one is the preparation part. After that, the latter one is the real installation process.
Preparation for the installation
In this section, it is focusing on the preparation for further installation. Those things which are necessary and important for DVWA to run is listed as follows :
1. Make sure there is a Web Application Server run on the operating system. It can be Apache Webserver or Nginx or any other types of Web Application Server.
2. The next thing which is important is the availability of Database Server. In this context, it is MySQL Database Server.
3. The last one is the support of executing PHP script. The support definitely is available by configuring the Web Application Server so that DVWA can run on it.
The installation of DVWA
After all the preparation is finish, continue on to the main part of the installation. It is obviously the installation of DVWA. Below are steps for placing it into the system :
1. Clone the DVWA into the system using ‘git’ command. Actually, DVWA source exist in the following link. Previously, it exists in this link. Type the ‘git’ command in the command line :
git clone https://github.com/ethicalhack3r/DVWA
Using the above command, perform it to clone the DVWA source as follows :
user@hostname:~$ git clone https://github.com/ethicalhack3r/DVWA.git Cloning into 'DVWA'... remote: Enumerating objects: 6, done. remote: Counting objects: 100% (6/6), done. remote: Compressing objects: 100% (6/6), done. remote: Total 2986 (delta 0), reused 3 (delta 0), pack-reused 2980 Receiving objects: 100% (2986/2986), 1.52 MiB | 907.00 KiB/s, done. Resolving deltas: 100% (1308/1308), done. user@hostname:~$
2. Move the cloned source to the Web Application Server document root directory folder. And then, configure the Web Application Server so that the address of DVWA can be accessed in the browser. The following is the image of the DVWA :
3. Proceed to configure the Web Application Server. In order to solve the ‘allow_url_include’ as in the image above, just read the article in this link. Basically, just edit php.ini file and set the ‘allow_url_include’ to On. After solving the problem, refresh the page and the following page will appear :
4. According to the image above, there is a problem with the reCAPTCHA key. It is currently missing. So, in order to solve it, read the article in this link. The article shows how to generate reCAPTCHA key.
5. After generating the reCAPTCHA key, just copy and paste it to the DVWA configuration file. The file is ‘config/config.inc.php’ and it exist in the root folder of the DVWA. The following is the configuration line for the reCAPTCHA in the file :
# ReCAPTCHA settings # Used for the 'Insecure CAPTCHA' module # You'll need to generate your own keys at: https://www.google.com/recaptcha/admin $_DVWA[ 'recaptcha_public_key' ] = ''; $_DVWA[ 'recaptcha_private_key' ] = '';
Below is an example of the reCAPTCHA page showing the generated key :
Just copy the value in the COPY SITE KEY to the $_DVWA[‘recaptcha_public_key’] and the COPY SECRET KEY to the $_DVWA[‘recaptcha_private_key’] accordingly. Don’t forget to refresh the page. And the installation page of DVWA will change as follows :
6. Since the reCAPTCHA key has already exist, continue on the installation process by clicking the Create/Reset Database button. But don’t forget to create the database first. If there is no problem on the database connection and the installation is a success, the following login page will be presented :
7. Type ‘admin’ in the Username field and ‘password’ in the Password field to login to the DVWA web application. Click the Login button and the following page will appear :
8. Finally, the DVWA web application is active and accessible.