Sunday, 5 July 2015

Introduction to DVWA | Basics of VAPT | Lesson 1


Introduction to Vulnerability Assessment and Penetration Testing
----------------------------------------------------------------

VAPT is a process in which we audit and exploit the vulnerabilities present in a network or a website, measured against some globally recognised standard.

For example: for website VAPT we follow the OWASP Top 10 attacks. VAPT consists of two distinct activities.

VA: Vulnerability Assessment: a process in which we only scan for and identify the limitations or vulnerabilities of a website. It has nothing to do with exploiting the vulnerabilities that are discovered.

For example: a PSU bank asks you to scan for and report the loopholes, but you are not allowed to exploit those loopholes.



PT: Penetration Testing: a process which takes the available vulnerability report, exploits the vulnerabilities in it to reach the critical data of the website, and later shares the remedy for each one with the developers of the website.

For example: a private company has a vulnerability assessment report prepared by its in-house security team, but it hires you to cash in on those vulnerabilities and show what damage could be done to its portal.



About OWASP
--------------------
O : Open
W : Web
A : Application
S : Security
P : Project


Know More About OWASP Top 10 Attacks :
https://www.owasp.org/index.php/Top_10_2013-Top_10  


This project has categorized all web application attacks into Top 10 Attacks.

Introduction to DVWA: Damn Vulnerable Web Application
-----------------------------------------------------
Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is, by design, damn vulnerable. Its primary objective is to give web security professionals a legal environment in which to test their skills and tools, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn web application security in a classroom setting.

Attacks Covered in DVWA
-----------------------
1. Brute Force
2. Command Execution
3. CSRF
4. File Inclusion
5. SQL Injection
6. SQL Injection (Blind)
7. Shell Uploading
8. XSS ( Reflected )
9. XSS ( Stored)

DVWA Security Options for Attacks: 
----------------------------------

Low Level : Low security gives you the freedom to exploit all known vulnerabilities. There is no security in the given framework, so you can try every attack if you are using DVWA for the first time.

Medium Level : Medium security has all the entry-level validation and filtering in place, which is enough to stop a script kiddie from taking advantage of the available vulnerabilities.

High Level : High security is something like a zero-day environment; if you can breach it, you are on the right track to becoming a VAPT expert.
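The three levels described above, as an added illustration that is not DVWA's own source: one reflected "name" parameter handled the way each level is described, plus a check a defender can run on the response. The function names, the filter chosen for Medium and the sample input are my own assumptions.

```php
<?php
// Added example: how DVWA-style security levels change the handling of one
// reflected input. Modelled on the Low/Medium/High descriptions above, not
// copied from DVWA; function names and the sample input are constructed.

// Low: the parameter is echoed back untouched, so any markup in it is rendered.
function reflect_low(string $name): string {
    return "Hello " . $name;
}

// Medium: an entry-level blacklist filter that strips one known-bad token.
// This is filtering, not a fix: only the exact string listed is removed, and
// the closing tag (and any other markup) passes straight through.
function reflect_medium(string $name): string {
    return "Hello " . str_replace('<script>', '', $name);
}

// High: output encoding. Every character with meaning in HTML is escaped, so
// the browser displays the input as text instead of interpreting it.
function reflect_high(string $name): string {
    return "Hello " . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Defender-side check on the finished response: is any raw HTML tag
// (opening or closing) still present after the handler has run?
function contains_raw_tag(string $html): bool {
    return (bool) preg_match('/<\/?[a-z][^>]*>/i', $html);
}

// Constructed sample input, the textbook reflected-XSS probe a DVWA user
// would submit through the page's "name" field.
$sample = '<script>alert(1)</script>';
$handlers = ['low' => 'reflect_low', 'medium' => 'reflect_medium', 'high' => 'reflect_high'];
foreach ($handlers as $level => $fn) {
    $out = $fn($sample);
    printf("%-6s raw tag left in response: %s  (%s)\n",
        $level, contains_raw_tag($out) ? 'yes' : 'no', $out);
}
```

Only the High handler produces a response with no raw tag left in it; the Medium blacklist still lets the closing tag through, which is why output encoding rather than token removal is the remedy to hand back to developers.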


How To Install DVWA in Windows
------------------------------



So now you are ready to learn the basics of web application penetration testing. In the next lesson we will learn the Brute Force attack, i.e. the first attack available in the DVWA environment.
