Introduction

For this guide we will be working with Docker. Docker is a system that allows you to easily spin up a container from a configuration file. This eliminates the need to install all of the dependencies on our own system just to run something simple like the DVWA; we only have to install Docker on our host system. To do this on Windows or OSX, simply download the Docker Desktop client from their homepage.

https://www.docker.com/products/docker-desktop

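For Linux, install it using either apt or yum, depending on your distribution:

sudo apt-get install docker.io   # Debian/Ubuntu
sudo yum install docker          # RHEL/CentOS (the package is named docker there, not docker.io)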

Installing our test application

We will be using DVWA as our test application to demonstrate these vulnerability types so that you can get an easy overview of the basics and can follow along. First, though, we need to install DVWA by pulling the Docker image.

docker pull vulnerables/web-dvwa

This will take a while so sit back and grab a coffee.


Now that we have the container pulled, all we need to do is start it.

docker run --rm -it -p 80:80 vulnerables/web-dvwa

Running the above command starts the web-dvwa container and publishes it on port 80 of the host. We can then browse to http://127.0.0.1 using any web browser and log in with the username and password "test". After logging in you will notice the DVWA script detecting a fresh installation and asking to create/reset the database. Simply click the button and let DVWA do all the work for you.


This will send you back to the login page where you can no longer use the test/test username and password combination. You will now need to log in using the following data:

Congratulations, you are now ready to start testing!
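
The docker run command used earlier publishes port 80 on every interface of the host, so other machines on the same network can reach the deliberately vulnerable application. The script below is an added example, not part of the original guide: it starts the same image bound to loopback only and checks the result from `docker port` output. The container name dvwa-lab and the function names are assumptions.

```shell
#!/bin/sh
# Added example: run DVWA published on loopback only and verify the binding.
IMAGE="vulnerables/web-dvwa"   # image name used in this guide
NAME="dvwa-lab"                # hypothetical container name

# Reads `docker port`-style lines ("80/tcp -> 0.0.0.0:80") on stdin.
# Returns 0 only if at least one port is published and every published
# port is bound to a loopback address; returns 1 otherwise.
loopback_only() {
    awk '
        / -> / {
            n++
            host = $NF
            sub(/:[0-9]+$/, "", host)    # strip the trailing :port
            if (host !~ /^127\./ && host != "[::1]") bad++
        }
        END { exit ((n > 0 && bad == 0) ? 0 : 1) }
    '
}

# Starts the container detached, bound to 127.0.0.1, and stops it again
# if Docker reports a binding that is reachable from other hosts.
start_dvwa() {
    docker run --rm -d --name "$NAME" -p 127.0.0.1:80:80 "$IMAGE" >/dev/null || return 1
    if docker port "$NAME" | loopback_only; then
        echo "DVWA is reachable only from this host: http://127.0.0.1"
    else
        echo "DVWA is published on a non-loopback address, stopping it" >&2
        docker stop "$NAME" >/dev/null
        return 1
    fi
}

# Only touch Docker when explicitly asked: sh dvwa.sh start
if [ "${1:-}" = "start" ]; then
    start_dvwa
fi
```

Stop the lab with `docker stop dvwa-lab` when you are done; because of `--rm` the container is removed as soon as it stops.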

Some quirks