Today we are demonstrating how you can set up a vulnerable/defenseless web application server in a Windows system utilizing Xampp. To enter the world of security, you should have hands-on experience discovering bugs and vulnerabilities in a web application. Practicing your skills always help you in your career and professional growth. If you are a beginner, then you must test your skills before entering the professional world: it allows you to understand the procedures and methods of securing web apps so, Here we will arrange the most well known web applications (DVWA). So, let’s do that
- Xampp Server Installation in Windows
- DVWA (Damn Vulnerable Web Application)
Xampp Server Installation:
XAMPP stand for Apache + MariaDB + PHP + Perl
XAMPP is a free and open-source cross-platform web server solution stack package developed by Apache Friends, consisting mainly of the Apache HTTP Server, MariaDB database, and interpreters for scripts written in the PHP and Perl programming languages. Since most actual web server deployments use the same components as XAMPP, it makes transitioning from a local test server to a live server possible. (read more from Wikipedia).
Download from here: https://www.apachefriends.org/download.html
When the installation is done, we have to start the service of Mysql and Apache service in Xampp server as shown in the below screenshot.
DVWA (DAMN Vulenrable Web Application):
DVWA is a web application that is damn sensitive to PHP / MySQL. The main objectives are to provide security professionals with assistance to test their skills and resources in a legal environment, enable web developers to better understand the processes of protecting web applications and assist teachers/students to teach/learn protection in the classroom.
Download from here: http://www.dvwa.co.uk/
Once the dvwa is installed completely then we will navigate to C:/Xampp/htdocs/dvwa/config.inc.php.dist to change the username and password for the database.
Open the configuration file to set the Username and Password.
Here, you can see that the default username is root and password is password which we will modify.
Presently here you may see that we have set the password “blank” for user “root“. Now save these settings and quit.
Rename the file as “config.inc.php” after making above changes and save it.
Now we need to open the DVWA application in our localhost to create the database.
Now click on create database and database is created.
Now click on login and you are finished with the setup.
For login, we will use the DVWA default username which is admin and password by default.
We have successfully set the web applications in Xampp server in Windows.