Security is a topic that gets too little attention most of the time in software development. Not every engineer learns about the things that matter during their education. It's also easy to find information on the topic, but not so easy to try things out to really understand what it's about (unless you are willing to do illegal stuff…). So I was extremely happy today to learn about a security tool which is really useful for tackling this:
DVWA – Damn Vulnerable Web Application
What does it do?
You can download the open source PHP/MySQL tool from the project website and install it on a standard web server environment. It is better not to install it on an environment from any provider, though – it is best to use a virtual machine.
What you get is a small web site on which you can set the security level of the different pages and try to hack it in different ways. You can actually try the most common threats to web applications on various levels of difficulty.
The easily accessible page source code plus the provided help section will give you a good idea of how to hack the site, even if you have never dealt with security before. It is simply interesting and useful to play around with it to learn more about site security on an actual site – much better than just reading about how it should work in theory. This way it's much easier to transfer the knowledge to your own projects and make them bulletproof.
I really encourage everyone who is building web applications, but also everyone who has the slightest connection to development, to take a look. It's a really easy way to get an idea of the basic security stuff you should be aware of when building applications.