This project demonstrates hands-on experience in web application security testing by identifying and exploiting common OWASP Top 10 vulnerabilities using the Damn Vulnerable Web Application (DVWA).
The objective of this project is to understand how real-world web vulnerabilities occur, their impact, and basic mitigation techniques.
- Operating System: Kali Linux
- Vulnerable Application: Damn Vulnerable Web Application (DVWA)
- Deployment Method: Docker (local environment)
- Web Browser (Firefox)
- Burp Suite
- Linux Terminal
- Docker
The following vulnerabilities were successfully tested and documented:
- SQL Injection
- Cross-Site Scripting (XSS, Reflected)
- Command Injection
Each vulnerability includes:
- Description
- Steps to reproduce
- Impact analysis
- Screenshot-based proof of exploitation
- Basic mitigation recommendations
- Gained practical understanding of OWASP Top 10 vulnerabilities
- Learned how improper input validation leads to serious security risks
- Developed hands-on experience in web application penetration testing
- Improved ability to document security findings in a structured manner
All identified vulnerabilities were successfully exploited in a controlled lab environment and documented with clear evidence and mitigation strategies.
This project reflects practical, entry-level experience relevant to SOC Analyst, Cybersecurity Intern, and Web Application Security roles.
This project was conducted strictly for educational and learning purposes in a controlled lab environment.
No real-world systems were targeted or harmed.