This video walks you through setting up OWASP ZAP, Docker and DVWA in a container and then using ZAP to test the application.
The Damn Vulnerable Web App (DVWA) has been developed to teach web application security lessons. It is a PHP/MySQL web application that is damn vulnerable. Its primary goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.
To get started, you will need a Kali Virtual Machine from Offensive Security at www.kali.org.
Once downloaded, follow this install process.
1. Update Kali
sudo apt update && sudo apt upgrade -y
2. Install Chrome by downloading the .deb file from www.google.com... and install it using this command:
sudo apt install ./google-chrome-stable_current_amd64.deb && sudo apt --fix-broken install
3. Verify it's installed by running
java -version
4. Install OWASP ZAP
sudo apt update && sudo apt install zaproxy -y
Verify it's installed by running ZAP
5. Install Docker
sudo apt update && sudo apt install -y docker.io
sudo systemctl enable docker --now
docker
sudo usermod -aG docker $USER
Log out and log back in again
7. Pull down the DVWA image from Docker Hub
Run the command "docker pull vulnerables/web-dvwa" in a terminal
8. Run the DVWA container
Run the command "docker run --rm -it -p 80:80 vulnerables/web-dvwa" in a terminal
9. Access the DVWA site
Access the site via the URL localhost and complete the setup process
10. Configure ZAP to use the DVWA site
Configure the authentication script, context and users.
Remember to update the URL to the correct one for your environment.
11. Run the scans on the DVWA site
Run a spider scan and then an active scan.
Steps can be found here: augment1securi...
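Step 8's "-p 80:80" publishes DVWA on every network interface of the Kali VM, not only on localhost. The script below is an added example, not part of the original video description: it starts the same image bound to loopback only and checks `docker port` output for bindings that other hosts can reach. The container name "dvwa", the -d flag and the function names are assumptions of this example.

```bash
#!/bin/sh
# Added example: publish DVWA on loopback only and audit the binding.
# Image and port come from steps 7-8; the container name "dvwa", the -d flag
# and all function names are assumptions of this example.

# Reads `docker port <container>` output on stdin, prints every binding that
# other hosts can reach, and returns 1 if at least one such binding exists.
exposed_bindings() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        host=${line##* -> }   # "0.0.0.0:80", "[::]:80", "127.0.0.1:80"
        host=${host%:*}       # drop the trailing ":port"
        case "$host" in
            127.*|"[::1]") ;;                  # loopback, not exposed
            *) printf '%s\n' "$line"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Same image as step 8, but bound to 127.0.0.1 instead of all interfaces.
start_dvwa_local() {
    docker run --rm -d --name dvwa -p 127.0.0.1:80:80 vulnerables/web-dvwa
}

# Checks the running container; non-zero exit means it is not safely bound.
audit_dvwa() {
    ports=$(docker port dvwa) || { echo "dvwa: not running" >&2; return 2; }
    if printf '%s\n' "$ports" | exposed_bindings; then
        echo "dvwa: published on loopback only"
    else
        echo "dvwa: reachable from the network, use start_dvwa_local" >&2
        return 1
    fi
}

# Constructed samples of `docker port` output for the two publish forms.
SAMPLE_STEP8='80/tcp -> 0.0.0.0:80
80/tcp -> [::]:80'
SAMPLE_LOCAL='80/tcp -> 127.0.0.1:80'

printf '%s\n' "$SAMPLE_STEP8" | exposed_bindings >/dev/null \
    || echo "step 8 form (-p 80:80): exposed beyond localhost"
printf '%s\n' "$SAMPLE_LOCAL" | exposed_bindings \
    && echo "loopback form (-p 127.0.0.1:80:80): local only"
```

With the loopback binding, Chrome and ZAP running on the same Kali VM still reach the site at localhost as in step 9.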
Disclaimer: This video is strictly for educational and research purposes. Misuse of this information can lead to criminal charges. I do not endorse or promote any illegal activities.
#CyberSecurity #OWASPZAP #DVWA #Docker #Education #WebApplicationSecurity