BruCON DVWA workshop



This year Ryan Dewhurst project manager and lead developer of DVWA will be holding a DVWA workshop at the BruCON security conference in Brussels, Belgium.

If you would like to learn more about how to use DVWA effectively and put your skills to the test then join us at the workshop on the 24-25 September.

If you haven’t purchased your BruCON tickets yet, unfortunately you have missed the early bird prices; however, entrance tickets are reasonably priced anyway.

For further information on the workshop and BruCON visit:
http://2010.brucon.org/index.php/Main_Page

See you there!





DVWA LiveCD



DVWA now comes on its own bootable LiveCD!

You can burn the ISO image onto a disc and boot DVWA, or you can create a Virtual Machine from the ISO in VirtualBox (open source) or VMware. For now the LiveCD will only be available as a torrent. It has never been easier to download and run DVWA! The initial LiveCD is based on DVWA v1.0.6.

The LiveCD was entirely developed by Duncan Alderson (@webantix) from http://www.webantix.net/.

A massive thanks to him from the whole DVWA community!

Download Torrent: DVWA-1.0.6.iso.torrent (please seed!)

UPDATE 24/02/2010 —

The DVWA login credentials are dvwa:password

Thanks to everyone for seeding! :)





DVWA turns Samurai (oo)



DVWA v1.0.6 will be integrated with the fantastic SamuraiWTF (Web Testing Framework) version 0.8 Live CD.

The Samurai Web Testing Framework is a live Linux environment that has been pre-configured to function as a web pen-testing environment. The CD contains the best of the open source and free tools that focus on testing and attacking websites. In developing this environment, we have based our tool selection on the tools we use in our security practice. We have included the tools used in all four steps of a web pen-test.

This is great news for the DVWA project and we are all very excited!

SamuraiWTF: http://samurai.inguardians.com/





DVWA v1.0.6



DVWA v1.0.6 has been released. The changes are mainly bug fixes and a couple of tweaks here and there.

Changelog:

Fixed a bug where the logo would not show on first time use. 03/09/2009 (ethicalhack3r)
Removed ‘current password’ input box for low+med CSRF security. 03/09/2009 (ethicalhack3r)
Added an article which was written for OWASP Turkey. 03/10/2009 (ethicalhack3r)
Added more troubleshooting information. 02/10/2009 (ethicalhack3r)
Stored XSS high now sanitises output. 02/10/2009 (ethicalhack3r)
Fixed a ‘bug’ in XSS stored low which made it not vulnerable. 02/10/2009 (ethicalhack3r)
Rewritten command execution high to use a whitelist. 30/09/09 (ethicalhack3r)
Fixed a command execution vulnerability in exec high. 17/09/09 (ethicalhack3r)
Added some troubleshooting info for PHP 5.2.6 in readme.txt. 17/09/09 (ethicalhack3r)
Added the upload directory to the upload help. 17/09/09 (ethicalhack3r)
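As an added illustration (not DVWA's own code), this is what the two mitigations named in the changelog look like in PHP: a whitelist for the command execution exercise and output sanitisation for stored XSS. It assumes the command execution page takes an IPv4 address to ping; the sample inputs are constructed.

```php
<?php
// Added illustration, not DVWA's own code: whitelist validation for the
// command-execution exercise and output sanitisation for stored XSS.
// Assumption: the command-execution page takes an IPv4 address to ping.
declare(strict_types=1);

// Whitelist: accept exactly four dotted decimal octets in 0-255.
// Anything else (shell metacharacters, hostnames, IPv6) is rejected
// outright instead of being "cleaned" with a blacklist.
function is_whitelisted_ipv4(string $target): bool
{
    $octets = explode('.', $target);
    if (count($octets) !== 4) {
        return false;
    }
    foreach ($octets as $octet) {
        // ctype_digit rejects empty strings, signs, spaces and non-ASCII digits
        if (!ctype_digit($octet) || strlen($octet) > 3 || (int) $octet > 255) {
            return false;
        }
    }
    return true;
}

// Build the ping command only from a whitelisted target; null means "refuse".
function build_ping_command(string $target): ?string
{
    if (!is_whitelisted_ipv4($target)) {
        return null;
    }
    // escapeshellarg is defence in depth; the whitelist already excluded metacharacters
    return 'ping -c 3 ' . escapeshellarg($target);
}

// Output sanitisation for stored data: encode at output time for the HTML
// text context, with quotes and charset stated explicitly.
function sanitise_for_html(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample inputs
foreach (['127.0.0.1', '127.0.0.1; id', '300.1.1.1'] as $input) {
    $cmd = build_ping_command($input);
    echo $input, ' => ', $cmd ?? 'rejected', PHP_EOL;
}
echo sanitise_for_html('<script>alert(1)</script>'), PHP_EOL;
```

The whitelist decides what is allowed rather than trying to strip what is dangerous, and the encoding happens at output time so stored data stays intact while the browser sees it only as text.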


Download