0% found this document useful (0 votes)

39 views8 pages

DVWA Web Security Testing Report - Internship Task 1

Uploaded by

Fazlee Kan

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

39 views8 pages

DVWA Web Security Testing Report - Internship Task 1

Uploaded by

Fazlee Kan

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Cyber Security Internship Report

Task 1 : Web Application Security Testing

INTERNSHIP: Future Interns

REPORT BY: Mihir Rathod
Web Application Security Testing Task 1

1 Introduction
This report outlines the activities completed during Task 1 of the SOC Internship, fo-
cused on testing web application security using the Damn Vulnerable Web Application
(DVWA). The goal was to simulate attacks like SQL Injection, XSS, and IDOR in a
controlled environment, identify vulnerabilities, and recommend mitigation strategies.
Testing was conducted on a local DVWA setup installed on Kali Linux. Tools used
included the browser, Burp Suite (for intercepting/modifying requests), and manual pay-
loads.

2 Environment Setup
Operating System: Kali Linux
Steps to Install DVWA

cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git DVWA
sudo chown -R www-data:www-data /var/www/html/DVWA
sudo chmod -R 755 /var/www/html/DVWA

Database Configuration

sudo mysql -u root

CREATE DATABASE dvwa;
CREATE USER ’dvwa’@’localhost’ IDENTIFIED BY ’dvwa’;
GRANT ALL PRIVILEGES ON dvwa.* TO ’dvwa’@’localhost’;
FLUSH PRIVILEGES;
EXIT;
cd /var/www/html/DVWA/config
sudo cp config.inc.php.dist config.inc.php

Start Services and Access DVWA

sudo service apache2 start

sudo service mysql start
Open browser:

• http://localhost/DVWA/login.php

• Username: admin

• Password: password

Page 1
Web Application Security Testing Task 1

Figure 1: DVWA login page

3 Testing Methodology
1. Recon: Identify input points (ID, forms, comments).

2. Use Burp Suite to intercept and modify requests.

3. Test for SQLi, XSS, and IDOR manually.

4. Capture screenshots and analyze results.

4 Findings
1. IDOR (Insecure Direct Object Reference)
Steps:

• Logged into DVWA.

• Intercepted request with Burp Suite.

• Modified id=1 to id=4.

Page 2
Web Application Security Testing Task 1

Figure 2: Accessing other user’s data using IDOR

Figure 3: Burp Suite Intercept showing modified ID

Page 3
Web Application Security Testing Task 1

Figure 4: Credentials disclosed for different ID

Impact: Unauthorized access to user data due to missing access control checks.

2. SQL Injection (SQLi)

Steps:

• Navigated to SQLi page in DVWA.

• Input: 1 OR 1=1 in User ID field.

• Captured and modified request in Burp Suite.

Figure 5: SQLi Payload Result

Page 4
Web Application Security Testing Task 1

Figure 6: Burp Suite Request with SQL Injection

Result:

ID: 1 OR 1=1
First name: admin
Surname: admin

3. Reflected Cross-Site Scripting (XSS)

Steps:

• Visited vulnerabilities/xss r.

• Injected:
<script>alert(’XSS’)</script>

• Observed JavaScript execution.

Figure 7: Reflected XSS Alert Executed

Page 5
Web Application Security Testing Task 1

4. Stored Cross-Site Scripting (XSS)

Steps:
• Entered same payload in comment field:
<script>alert(’XSS stored’)</script>

• Reloaded the page.

Figure 8: Comment Submission with Stored XSS Payload

Figure 9: Stored XSS Alert on Page Load

5 Mitigations
• Use parameterized queries to prevent SQLi.

• Validate and sanitize all user inputs.

Page 6
Web Application Security Testing Task 1

• Apply proper access control checks for user data.

• Use templating engines that auto-escape HTML.

• Employ Content Security Policy (CSP) to block script execution.

6 Conclusion
The DVWA testing exercise revealed critical vulnerabilities such as SQL Injection, XSS,
and IDOR. These findings represent real-world attack vectors that can lead to serious se-
curity breaches. This task emphasized the need for secure coding, proper input validation,
and layered security controls in web applications.

Page 7

8.1P Final
No ratings yet
8.1P Final
13 pages
Owasp Report
No ratings yet
Owasp Report
10 pages
Windows 10 Exploitation with Metasploit
No ratings yet
Windows 10 Exploitation with Metasploit
12 pages
RA2211030010040 Vulnerability Report On BWAPP
No ratings yet
RA2211030010040 Vulnerability Report On BWAPP
11 pages
Web Security Vulnerabilities Guide
No ratings yet
Web Security Vulnerabilities Guide
9 pages
Altoro PDF
No ratings yet
Altoro PDF
101 pages
OS Command Injection Bee-Box
0% (1)
OS Command Injection Bee-Box
8 pages
Eh Lab 8
No ratings yet
Eh Lab 8
11 pages
API Pentesting
No ratings yet
API Pentesting
27 pages
Penetration Testing Web Application - Web Application (In) Security
No ratings yet
Penetration Testing Web Application - Web Application (In) Security
2 pages
Understanding Privilege Escalation
100% (1)
Understanding Privilege Escalation
7 pages
OWASP MASVS for Mobile App Security
No ratings yet
OWASP MASVS for Mobile App Security
47 pages
Detect Sqli Attacks in Web Apps Using NV PDF
No ratings yet
Detect Sqli Attacks in Web Apps Using NV PDF
13 pages
Web Security Testing Workshop
No ratings yet
Web Security Testing Workshop
9 pages
Pentest Definition
No ratings yet
Pentest Definition
11 pages
Web Security Interview Questions Guide
No ratings yet
Web Security Interview Questions Guide
34 pages
Penetration Testing Essentials
100% (1)
Penetration Testing Essentials
33 pages
XSS Attacks: Types and Defenses Explained
No ratings yet
XSS Attacks: Types and Defenses Explained
44 pages
Burp Suite Training Guide (Thoery)
No ratings yet
Burp Suite Training Guide (Thoery)
6 pages
crAPI VAPT
No ratings yet
crAPI VAPT
38 pages
Shellshock Lab Assignment
No ratings yet
Shellshock Lab Assignment
8 pages
Web App Security Testing Workshop
No ratings yet
Web App Security Testing Workshop
5 pages
Module 2
No ratings yet
Module 2
84 pages
Information Security Quiz Guide
No ratings yet
Information Security Quiz Guide
25 pages
Acunetix Web Vulnerability Scanner
No ratings yet
Acunetix Web Vulnerability Scanner
8 pages
EC Council Certified Ethical Hacker CEH v9.0
No ratings yet
EC Council Certified Ethical Hacker CEH v9.0
5 pages
Web 200 Syllabus
No ratings yet
Web 200 Syllabus
11 pages
IDOR Guide
No ratings yet
IDOR Guide
41 pages
Hacking Notes For CEH
No ratings yet
Hacking Notes For CEH
13 pages
Web Application VAPT Sample Report PDF CyberSapiens
No ratings yet
Web Application VAPT Sample Report PDF CyberSapiens
8 pages
Webscarab Instructions
No ratings yet
Webscarab Instructions
12 pages
2.7.3 Lab Use Steganography To Hide Data Answer Key
100% (1)
2.7.3 Lab Use Steganography To Hide Data Answer Key
3 pages
Morning Catch Documentation
No ratings yet
Morning Catch Documentation
5 pages
OWASP XSS Prevention Cheat Sheet
No ratings yet
OWASP XSS Prevention Cheat Sheet
11 pages
Network Security Essentials
No ratings yet
Network Security Essentials
116 pages
Wireframe+Prototype+Template Tejasvi
No ratings yet
Wireframe+Prototype+Template Tejasvi
14 pages
Acunetix: Web Vulnerability Scanner Insights
No ratings yet
Acunetix: Web Vulnerability Scanner Insights
14 pages
File Permissions and Networking Concepts
No ratings yet
File Permissions and Networking Concepts
8 pages
Cyber Security Internship Report (Beginner)
No ratings yet
Cyber Security Internship Report (Beginner)
18 pages
Mobile Application Security and Penetration Testing: Syllabus
No ratings yet
Mobile Application Security and Penetration Testing: Syllabus
14 pages
Secure Software Development
No ratings yet
Secure Software Development
5 pages
Pentesting Report
100% (2)
Pentesting Report
3 pages
Mobile Security Testing Approaches and Challenges: February 2015
No ratings yet
Mobile Security Testing Approaches and Challenges: February 2015
6 pages
2021 Ceh Documentation
No ratings yet
2021 Ceh Documentation
47 pages
Lab19 File Upload Vulnerabilities
No ratings yet
Lab19 File Upload Vulnerabilities
2 pages
Ethical Hacking Lab Guide
No ratings yet
Ethical Hacking Lab Guide
2 pages
SQL Injection Exercises for Ethical Hacking
No ratings yet
SQL Injection Exercises for Ethical Hacking
17 pages
Va PT Report
No ratings yet
Va PT Report
16 pages
Report On
No ratings yet
Report On
8 pages
SEC660: Advanced Penetration Testing
No ratings yet
SEC660: Advanced Penetration Testing
2 pages
Cyber LAW
No ratings yet
Cyber LAW
43 pages
OpenVAS 9 Installation Guide for Kali
No ratings yet
OpenVAS 9 Installation Guide for Kali
27 pages
Web Vulnerability Assessment Report
No ratings yet
Web Vulnerability Assessment Report
16 pages
Future CS 01
No ratings yet
Future CS 01
13 pages
Altoro Mutual VAPT
No ratings yet
Altoro Mutual VAPT
19 pages
Web App Security for IT Students
No ratings yet
Web App Security for IT Students
61 pages
Cs Lab File
No ratings yet
Cs Lab File
30 pages
Websyn
No ratings yet
Websyn
15 pages
Vulnerabilities in Modern Web Applications
100% (2)
Vulnerabilities in Modern Web Applications
34 pages
Building Testing Environment: The Practice of Web Application Penetration Testing
No ratings yet
Building Testing Environment: The Practice of Web Application Penetration Testing
11 pages
Install PyInstaller If You Haven
No ratings yet
Install PyInstaller If You Haven
2 pages
Automotive Cybersecurity Market: Global Opportunity Analysis and Industry Forecast, 2025-2034
No ratings yet
Automotive Cybersecurity Market: Global Opportunity Analysis and Industry Forecast, 2025-2034
50 pages
IDS-IPS Tools
No ratings yet
IDS-IPS Tools
28 pages
Tools
No ratings yet
Tools
2 pages
Cyber Security Task 1 - Future Interns
No ratings yet
Cyber Security Task 1 - Future Interns
9 pages
Suace & Spoon - Project Plan
No ratings yet
Suace & Spoon - Project Plan
58 pages
5g Network Optimization 20250813 HASMAJ
No ratings yet
5g Network Optimization 20250813 HASMAJ
15 pages
Paloalto
No ratings yet
Paloalto
271 pages
Action Verbs to Boost Your Resume
No ratings yet
Action Verbs to Boost Your Resume
2 pages
Virus Total Integration
No ratings yet
Virus Total Integration
14 pages
WRA0000
No ratings yet
WRA0000
3 pages
Activity Template - ROAM Analysis
No ratings yet
Activity Template - ROAM Analysis
2 pages
Activity Template WBS Spreadsheet
No ratings yet
Activity Template WBS Spreadsheet
2 pages
Key Components of Effective Project Plans
No ratings yet
Key Components of Effective Project Plans
2 pages
Activity Template - Use A WBS To Create Project Tasks and Milestones - Part 1
No ratings yet
Activity Template - Use A WBS To Create Project Tasks and Milestones - Part 1
1 page
Agile Project Management - Challange 2 - PASSED
No ratings yet
Agile Project Management - Challange 2 - PASSED
5 pages
Strategies for Accurate Time Estimates
No ratings yet
Strategies for Accurate Time Estimates
3 pages
Question 2 - Toward Certi
No ratings yet
Question 2 - Toward Certi
12 pages
Module 4 Final Quiz - PASS
No ratings yet
Module 4 Final Quiz - PASS
5 pages
Question 3 - Toward Certi
No ratings yet
Question 3 - Toward Certi
5 pages
Module 4
No ratings yet
Module 4
25 pages
Module 4 Assignments
No ratings yet
Module 4 Assignments
9 pages
Module 15
No ratings yet
Module 15
38 pages
AWS IoT Monitoring Essentials
No ratings yet
AWS IoT Monitoring Essentials
30 pages
ANDROID on BlackBerry PlayBook
No ratings yet
ANDROID on BlackBerry PlayBook
22 pages
Installing and Configuring VMware Dynamic Environment Manager. VMware Dynamic Environment Manager 9.9
No ratings yet
Installing and Configuring VMware Dynamic Environment Manager. VMware Dynamic Environment Manager 9.9
51 pages
Learning Activity Sheet Java (LAS) - 5
No ratings yet
Learning Activity Sheet Java (LAS) - 5
9 pages
Videotek VTM-300, VTM-310 and VTM-320 Installation and Operation Handbook
No ratings yet
Videotek VTM-300, VTM-310 and VTM-320 Installation and Operation Handbook
98 pages
Codd's 12 Rules for Relational DBMS
No ratings yet
Codd's 12 Rules for Relational DBMS
2 pages
SCX 4321 - SCX 4321 Specs
No ratings yet
SCX 4321 - SCX 4321 Specs
4 pages
Microsoft Access Video Rental Lab
No ratings yet
Microsoft Access Video Rental Lab
7 pages
MIT App Inventor Microbit LED
No ratings yet
MIT App Inventor Microbit LED
4 pages
h2823 Avamar Vmware
No ratings yet
h2823 Avamar Vmware
4 pages
Admin and Login URL Directory
No ratings yet
Admin and Login URL Directory
9 pages
Log
No ratings yet
Log
9 pages
Mainframes Interview Questions
No ratings yet
Mainframes Interview Questions
10 pages
Smart Lighting Setup Guide
No ratings yet
Smart Lighting Setup Guide
2 pages
Coa Unit 1 Notes Coa
No ratings yet
Coa Unit 1 Notes Coa
36 pages
OpenModelicaUsersGuide-1 21 PDF
No ratings yet
OpenModelicaUsersGuide-1 21 PDF
549 pages
Quantum HD: Gets A "Unity" Facelift!
No ratings yet
Quantum HD: Gets A "Unity" Facelift!
2 pages
A PROPOSAL ON Web Based Tourist Center - 1
No ratings yet
A PROPOSAL ON Web Based Tourist Center - 1
5 pages
Assignment-1 SRE Sec A
No ratings yet
Assignment-1 SRE Sec A
4 pages
Office 365 Education SKU List
No ratings yet
Office 365 Education SKU List
4 pages
Java Exception Handling Explained
No ratings yet
Java Exception Handling Explained
42 pages
SQL Server Authentication Methods, Logins, and Database Users - Simple Talk
No ratings yet
SQL Server Authentication Methods, Logins, and Database Users - Simple Talk
15 pages
Dcfs Client List
No ratings yet
Dcfs Client List
6 pages
GA4 Overview and Key Features
No ratings yet
GA4 Overview and Key Features
15 pages
TWAINDRIVERENRMR2
No ratings yet
TWAINDRIVERENRMR2
7 pages
Spending Tracker PDF
No ratings yet
Spending Tracker PDF
7 pages
JMockit
No ratings yet
JMockit
16 pages
Pojavlauncher
No ratings yet
Pojavlauncher
15 pages
Excel Analysis of Between Companies
No ratings yet
Excel Analysis of Between Companies
5 pages
PHP - MySQL (Original) - Manual PDF
No ratings yet
PHP - MySQL (Original) - Manual PDF
5 pages
AWS Lambda Java Development Guide
No ratings yet
AWS Lambda Java Development Guide
8 pages

DVWA Web Security Testing Report - Internship Task 1

Uploaded by

DVWA Web Security Testing Report - Internship Task 1

Uploaded by

Cyber Security Internship Report

Task 1 : Web Application Security Testing

INTERNSHIP: Future Interns

sudo mysql -u root

Start Services and Access DVWA

sudo service apache2 start

Figure 1: DVWA login page

2. Use Burp Suite to intercept and modify requests.

3. Test for SQLi, XSS, and IDOR manually.

4. Capture screenshots and analyze results.

• Logged into DVWA.

• Intercepted request with Burp Suite.

• Modified id=1 to id=4.

Figure 2: Accessing other user’s data using IDOR

Figure 3: Burp Suite Intercept showing modified ID

Figure 4: Credentials disclosed for different ID

2. SQL Injection (SQLi)

• Navigated to SQLi page in DVWA.

• Input: 1 OR 1=1 in User ID field.

• Captured and modified request in Burp Suite.

Figure 5: SQLi Payload Result

Figure 6: Burp Suite Request with SQL Injection

3. Reflected Cross-Site Scripting (XSS)

• Observed JavaScript execution.

Figure 7: Reflected XSS Alert Executed

4. Stored Cross-Site Scripting (XSS)

• Reloaded the page.

Figure 8: Comment Submission with Stored XSS Payload

Figure 9: Stored XSS Alert on Page Load

• Validate and sanitize all user inputs.

• Apply proper access control checks for user data.

• Use templating engines that auto-escape HTML.

• Employ Content Security Policy (CSP) to block script execution.

You might also like