🎥 I made a series of videos about hacking DVWS using Burp Suite: https://www.youtube.com/playlist?list=PLz_SG4MKcA4m1p-QPvkLaX6gVrCIHwkCj

Many years ago, if you want to practice basics of penetration testing, the best way to do that was to play around with DVWA. DVWA is “Damn Vulnerable Web Application”, a web app specifically designed to have as many vulnerabilities as possible for you to learn how to exploit them. This project is cool and all but very dated. You’re unlikely to encounter something like this (no-API no-framework multipage PHP service) in the modern world.

DVWS is “Damn Vulnerable Web Services” a modern alternative to DVWS. It’s powered by Angular, nodejs, Express, MySQL, and MongoDB, uses ORMs, provides REST API as well as GraphQL endpoints. A lot of stuff to exploit. I’ve covered 15 vulnerabilities but that’s far from all, I might do more videos later.

Lastly, Burp Suite is a tool for penetration testing, mostly manual one. At first I though I’ll make videos about using it, but turns out there is not that much to tell, so the focus shifted from a tool to tool-agnostic techniques.