š„ I made a series of videos about hacking DVWS using Burp Suite: https://www.youtube.com/playlist?list=PLz_SG4MKcA4m1p-QPvkLaX6gVrCIHwkCj
Many years ago, if you want to practice basics of penetration testing, the best way to do that was to play around with DVWA. DVWA is āDamn Vulnerable Web Applicationā, a web app specifically designed to have as many vulnerabilities as possible for you to learn how to exploit them. This project is cool and all but very dated. Youāre unlikely to encounter something like this (no-API no-framework multipage PHP service) in the modern world.
DVWS is āDamn Vulnerable Web Servicesā a modern alternative to DVWS. Itās powered by Angular, nodejs, Express, MySQL, and MongoDB, uses ORMs, provides REST API as well as GraphQL endpoints. A lot of stuff to exploit. Iāve covered 15 vulnerabilities but thatās far from all, I might do more videos later.
Lastly, Burp Suite is a tool for penetration testing, mostly manual one. At first I though Iāll make videos about using it, but turns out there is not that much to tell, so the focus shifted from a tool to tool-agnostic techniques.