How to Install DVWA(Damn Vulnerable Web App) Web Application on Windows with XAMPP

DVWA or Damn Vulnerable Web App is a PHP based web application for Practicing Web Pentesting and learn about web vulnerabilities in a safe environment. Its main goal is to provide a safe and legal environment for security professionals and students to test their skills and tools and learn about Web security.

In this post we are going to see how to install DVWA on your system. And in order to install DVWA first we need to install HTTP web server with php and mysql. For this we can use XAMPP server, which contains apache http server, php and mysql.

First download DVWA and XAMPP setup :

DVWADownload Link

XAMPP : Download Link

Note : Downlaod XAMPP with PHP version 5.x.x, otherwise some of the DVWA examples are not work properly.

Now follow the below steps :

1. Install the XAMPP Server. For the installation process of xampp server checkout the below link :

                       How to Install and Configure XAMPP Server

2. Extract the DVWA files from and rename the extracted file from dvwa-master to dvwa, then copy the whole folder to "C_Drive > xampp >> htdocs" folder ("C:\xampp\htdocs" directory).

3. Now go to inside the dvwa folder and then open config folder.

Inside the config folder, there is a file named, now make a copy of it and then rename it to

Now open the with notepad or your favourite editor and search the below line
    $_DVWA[ 'db_password' ] = 'p@ssw0rd';
and here remove the p@ssw0rd from the above line, after it looks like
    $_DVWA[ 'db_password' ] = '';
than save the file. I am using notepad++ and it is on line no 21.

4. Now on XAMPP control panel start Apache and mysql service, and open the below url on your browser.
And at this page click on the "Create/Reset Database" button, at the bottom of the page, and that's it. You are successfully installed the DVWA app. Now login with the below credentials
    Username : admin
    Password : password

5. And to change the security levels Goto "DVWA Security" tab and select the security level and click on submit button.

Conclusion :

In this post we saw the installation process of DVWA web app. For more information about Web Security and Web Pentesting, please visit the below link :