Damn Vulnerable Web Application (DVWA)

While doing Google searches on Penetration Testing, I came across this website, Damn Vulnerable Web Application, or DVWA for short. This web application lets current/new security professionals test out their skills in a legal environment. I downloaded this onto my Linux virtual machine through VMPlayer (that will be another post). So far, I like the web application. I am watching and emulating YouTube videos on DVWA.

If anyone is thinking about downloading DVWA and needs help on installation, let me know and I can make that a post as well.

Website: http://www.dvwa.co.uk/

Formalities

I guess I should get the formalities out of the way.

I started this blog to discuss my journey of transitioning over to the Information Security field. I see my end goal as becoming a Penetration Tester. At this time, I have the education (Master’s in Computer Science, graduate certificate in Information Security and Privacy) but even with the education, I do not have the practical knowledge at this time (that’s changing though).

Now to begin the formalities:

I’ve been trying to enter the Information Security field for the past 8 years. I can remember it like yesterday how I became interested in the topic. I stumbled into a Yahoo! Group post on Cryptography. I remember spending 2 hours looking at all the posts and becoming intrigued by how messages were scrambled and, to the naked (untrained) eye, looked like gibberish. At that time I said, “I want to do cryptography.” After doing more research, I realized that while cryptography is interesting, the field is narrow. I wanted my career to give me options; I didn’t want to do the same thing every day. Next, I decided that I wanted to look at authentication protocols after reading Michelle Brown’s speech to Congress about Identity Theft. Again, after doing more research into authentication protocols, I had the same problem as with Cryptography: the field was narrow.

Before my Computer Forensics final (May 2011), I was talking with one of my classmates, and he brought up Penetration Testing. I was skeptical about the field because I thought it was going to be like the last two I researched (cryptography and authentication protocols), but as I started doing more research I found myself to be even more intrigued. The field of penetration testing seemed to fit me perfectly. The field is not so narrow, meaning that if I wanted to change my scope of penetration testing it wouldn’t be a problem since there are many flavors of the field.

What I see this blog becoming:

My plan for the next couple of posts will be discussing tools I am playing with, would like to play with, and other general topics that deal with information security/penetration testing. By all means I would like this to be interactive. If anyone knows of tools/certifications that I need to successfully transition over to the field, please let me know.

Thanks. (o: