Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

DVWA LiveCD

Damn Vulnerable Web App (DVWA) LiveCD was put together by Duncan Alderson @Webantix and released as a torrent download in February. We are now offering a direct download rather than a torrent. This will result in faster downloads and more availability!

Download the LiveCD here.

xampp logo


linux/windows logo


opensource logo