Hello buddies, after a short break m back with an interesting post on Creating Pentesting lab with bWAPP. bWAPP is one of the cutest web pentesting lab for beginners to get started and learn Web App hacking. I've wrote many Penetration testing articles, this one is also little amazing and helpful for noobs and beginners.
What is bWAPP ?
bWAPP or a buggy web application is a free and open source web applicationbuild to allow security enthusiasts, students and developers to better secure web applications. It is for educational purposes only. bWAPP contain all types of OWASP Top 10 (2013) Vulnerabilities.
bWAPP have many types of Vulnerabilities like :
- HTML, SQL, LDAP, XML, Get, Post, Cookies, Command etc Injection
- Stored, Reflected, DOM, Get, Post etc Cross Site Scripting (XSS)
- Broken Auth. & Session management
- Forgot Password, Function, Insecure transport etc
- Password attacks, Cookie Stealing, HTTP Management etc
- Strong Session, Logout Management etc
- Insecure Direct Object Refernce
- Cross Site Request Forgery (CSRF)
- Security Misconfiguration
- Insecure Cryptographic Storage
- Failure of Restrict URL Access
- Insufficient Transport Layer Protection
- Unvalidated Redirects and Forwads
Others Bugs :
- Client-Side Validation (Password)
- Directory Traversal - Files
- HTTP Response Splitting
- Information Disclosure - Headers
- PHP Eval Function
- Remote & Local File Inclusion
- Unrestricted File Upload
And around 30+ more Bugs for Pentesting. (Click to enlarge it)
How to Install bWAPP in Windows ?
It is pretty little hard but very simple, haha just Complete following requirements :
Requirements :
- WAMP Server (30 mb Download)
- bWAPP Source Files (Download)
- Little Brain!
I'll not show any tutorial to install wamp server, because it's simply very easy, download and install wamp server in your system and start it.
- Installing bWAPP is kinda easy, watch below video :)
- Start learning from first level to last it's totally free, learn some basic HTTP/ TCP and IP networking.
- And soon m also gonna post many ethical hacking methods.
Share it and feel free to comment, dare to ask, Knowledge is free. Sharing is caring.
Post a Comment