Damn Vulnerable Web Application - DVWA
A PHP/MariaDB web application that is damn vulnerable. Aids security professionals to test their skills and tools in a legal environment, helps web developers understand securing web applications, and aids students and teachers to learn about web application security in a controlled environment. Practice common web vulnerabilities with various difficulty levels.
Collections offline container
Technology PHP MariaDB
Categories Free-form Single-player
Author RandomStorm
Stars 
Last contribution Mar 19, 2026 < 6mo
Notes
Do not deploy to Internet-facing servers. Recommended: run in a VM with NAT networking (e.g. VirtualBox, VMware).