Self-paced

Explore our extensive collection of courses designed to help you master various subjects and skills. Whether you're a beginner or an advanced learner, there's something here for everyone.

Bootcamp

Learn live

Join us for our free workshops, webinars, and other events to learn more about our programs and get started on your journey to becoming a developer.

Upcoming live events

Learning library

For all the self-taught geeks out there, here is our content library with most of the learning materials we have produced throughout the years.

It makes sense to start learning by reading and watching videos about fundamentals and how things work.

Search from all Lessons


LoginGet Started

Register to 4Geeks

← Back to Projects

Installing DVWA on a Virtual Machine for SQL Injection Practice

Difficulty

  • intermediate

Average duration

3 hrs

Technologies

Difficulty

  • intermediate

Average duration

3 hrs

Technologies

🌱 How to start this project?
  • Requirements

🌱 How to start this project?

This exercise aims to teach students how to identify and report an SQL injection vulnerability using the Damn Vulnerable Web Application (DVWA). The report should be made according to ISO 27001 standards for information security incident management.

Requirements

  • VirtualBox installed on your computer.
  • A Debian virtual machine installed in VirtualBox. (We will use the machine previously configured in earlier classes).

Benefits of Using a Virtual Machine

  • Isolation: Keeps the testing environment separate from your main operating system, protecting it from potential damage.
  • Ease of Restoration: You can create snapshots of your virtual machine and easily restore them if something goes wrong.
  • Portability: You can easily move and share the virtual machine with others.

📝 Instructions

  • Open this URL and fork the repository https://github.com/breatheco-de/incident-report-for-sql-injection-exercise-project

fork button

A new repository will be created in your account.

  • Clone the newly created repository into your localhost computer.
  • Once you have cloned successfully, follow the steps below carefully, one by one.

Step 1: Verify the Virtual Machine Setup Before Starting

Step 2: Installing and Configuring DVWA

1cd DVWA/config 2sudo cp config.inc.php.dist config.inc.php
1sudo nano config.inc.php

💡 IMPORTANT: Ensure the following lines have the correct credentials:

  • $_DVWA[ 'db_user' ] = 'root';
  • $_DVWA[ 'db_password' ] = 'root_password';
  • $_DVWA[ 'db_database' ] = 'dvwa';
1sudo mysql -u root -p 2CREATE DATABASE dvwa; 3EXIT;
1sudo chown -R www-data:www-data /var/www/html/DVWA/ 2sudo chmod -R 755 /var/www/html/DVWA/

Step 3: Conduct the SQL Injection Attack.

*Username: admin
*Password: password
11' OR '1'='1

Click "Submit" and observe how DVWA processes the injection and displays the database results.

💡 NOTE: You should see a list of all users extracted from the database, indicating a successful SQL injection.

vulnerability

Step 4: Incident Report.

💡 NOTE: Incident reports according to ISO 27001 standards do not specifically require the inclusion of images unless they are necessary to illustrate critical points or specific technical details of the incident. However, in most cases, reports often include screenshots, charts, or diagrams only if they are relevant to support the explanation of the incident or to demonstrate how the vulnerability exploitation was carried out.

Download an example of an incident report

📝 Delivery

  • At the root of the forked project, upload the report in .pdf format with the name incident-report.pdf

Signup and get access to similar projects

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

3 hrs

Technologies

Difficulty

  • intermediate

Average duration

3 hrs

Technologies

Difficulty

  • intermediate

Average duration

3 hrs

Technologies

Difficulty

  • intermediate

Average duration

3 hrs

Technologies

Signup and get access to similar projects

We will use it to give you access to your account.
Already have an account? Login here.

By signing up, you agree to the Terms and conditions and Privacy policy.

Difficulty

  • intermediate

Average duration

3 hrs

Technologies

Difficulty

  • intermediate

Average duration

3 hrs

Technologies