
OWASP Damn Vulnerable Web Sockets (DVWS)

Free

OWASP Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication. The flow of the application is similar to DVWA. You will find more vulnerabilities than the ones listed in the application.

Requirements: In the hosts file of your attacker machine, create an entry for dvws.local to point at the IP address hosting the DVWS application. The application requires Apache + PHP + MySQL, PHP with MySQLi support, Ratchet, and ReactPHP-MySQL. Install 'Ratchet' and 'ReactPHP-MySQL' using composer. Set the MySQL hostname, username, password, and an existing database name in the includes/connect-db.php file, then go to Setup to finish setting up DVWS.

Running DVWS: On the host running this application, run the following command from the DVWS directory:

    php ws-socket.php --heartbeat-interval <sec>


ALTERNATIVES

Akamai Client-Side Protection & Compliance is a security tool that monitors and protects against client-side threats on websites, aiding in PCI DSS v4.0 compliance.

A cloud-based web application firewall that protects applications from various cyber threats through rule-based filtering, machine learning detection, and integrated security features.

A script that implements Cognito attacks such as Account Oracle or Privilege Escalation.

A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.

A comprehensive application security platform that combines runtime protection, security testing, and monitoring capabilities across the entire application lifecycle.

A source code search engine for searching alphanumeric snippets, signatures, or keywords in web page HTML, JS, and CSS code.

A JavaScript security scanning platform that detects exposed secrets, API keys, and vulnerabilities in JavaScript files through continuous monitoring and automated discovery.

A cloud-based DAST solution that discovers, inventories, and tests web applications and APIs for security vulnerabilities across diverse environments.