Security level is currently: $securityLevel.

";
}
$securityOptionsHtml .= "";
}

$phpIdsHtml = 'PHPIDS is currently: ';
if( dvwaPhpIdsIsEnabled() ) {
	$phpIdsHtml .= 'enabled. [Disable PHPIDS]';
}
else {
	$phpIdsHtml .= 'disabled. [Enable PHPIDS]';
}

// Anti-CSRF
generateSessionToken();

// Able to write to the PHPIDS log file?
$WarningHtml = '';
if( !is_writable( $PHPIDSPath ) ) {
	$WarningHtml .= "

Cannot write to the PHPIDS log file: {$PHPIDSPath}
";
}

$page[ 'body' ] .= "

DVWA Security


Security Level

{$securityHtml}
{$securityLevelHtml}

You can set the security level to low, medium, high or impossible. The security level changes the vulnerability level of DVWA:

  1. Low - This security level is completely vulnerable and has no security measures at all. Its purpose is to show how web application vulnerabilities manifest through bad coding practices and to serve as a platform to teach or learn basic exploitation techniques.
  2. Medium - This setting is mainly to give an example to the user of bad security practices, where the developer has tried but failed to secure an application. It also acts as a challenge to users to refine their exploitation techniques.
  3. High - This option is an extension to the medium difficulty, with a mixture of harder or alternative bad practices to attempt to secure the code. The vulnerability may not allow the same extent of exploitation, similar to various Capture The Flag (CTF) competitions.
  4. Impossible - This level should be secure against all vulnerabilities. It is used to compare the vulnerable source code to the secure source code.
    Prior to DVWA v1.9, this level was known as 'high'.
" . tokenField() . "



PHPIDS

{$WarningHtml}

" . dvwaExternalLinkUrlGet( 'https://github.com/PHPIDS/PHPIDS', 'PHPIDS' ) . " v" . dvwaPhpIdsVersionGet() . " (PHP-Intrusion Detection System) is a security layer for PHP-based web applications.

PHPIDS works by filtering any user-supplied input against a blacklist of potentially malicious code. It is used in DVWA to serve as a live example of how Web Application Firewalls (WAFs) can help improve security and, in some cases, how WAFs can be circumvented.

You can enable PHPIDS across this site for the duration of your session.

{$phpIdsHtml}

[Simulate attack] - [View IDS log]
";

dvwaHtmlEcho( $page );

?>