Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that comes with a set of deliberate vulnerablities built into it.
I can across it while reading through some of the NY Poly courseware.
DVWA is similair to the Web Goat application I mentioned in an earlier post. DVWA’s aims ‘are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.’
While working on DVWA, I came across this superb set of tutorials on the computersecuritystudent.com website
You’d pay quite a lot of money to attend a training course and get access to this kind of information. These tutorials are laid out brialliantly, easy to follow – and they’re free!
Definitely worth checking out.