OWASP Damn Vulnerable Web Sockets (DVWS)
OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the ones listed in the application. Requirements: In the hosts file of your attacker machine create an entry for dvws.local to point at the IP address hosting the DVWS application. The application requires Apache + PHP + MySQL, PHP with MySQLi support, Ratchet, and ReactPHP-MySQL. Install 'Ratchet' and 'ReactPHP-MySQL' using composer. Set the MySQL hostname, username, password, and an existing database name in the includes/connect-db.php file then go to Setup to finish setting up DVWS. Running DVWS: On the host running this application, run the following command from DVWS directory: php ws-socket.php --heartbeat-interval <sec>
FEATURES
SIMILAR TOOLS
An application security testing platform that combines automated scanning, AI assistance, and manual expert testing to provide continuous security assessment throughout the software development lifecycle.
A DAST solution that performs automated security testing of APIs and web applications within development workflows and CI/CD pipelines.
A popular free security tool for automatically finding security vulnerabilities in web applications
A web-based tool for instrumenting and analyzing Android applications using Flask, Jinja, and Redis.
A web application security testing platform that helps you test your knowledge on web application security through realistic scenarios with known vulnerabilities.
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
A set of 48 practical programming exercises in cryptography and application security
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.