DVWA - File upload
Send files to get some shells
dvwa
DVWA - File inclusion
Direct access to hidden assets
DVWA - CSRF
Manipulate your targets
DVWA - Brute force
Find the password
DVWA - SQL injection
Extract the database by changing your username
DVWA - Command Injection
Think outside the box when passing parameters
DVWA - CSP Bypass
Discover how third party code can get you pwned
DVWA - JavaScript
Explore the limits of client side controls
DVWA - Weak Session IDs
Get in the dev’s mindset to access the assets
DVWA - XSS DOM
Under the dom
DVWA - Setup Burp Intruder
First attacks with Burp
DVWA - Configure Burp
First launch of Burp Suite
DVWA - Start with Docker
Run DVWA with Docker
DVWA - XSS Stored
Store scripts in unusual places
DVWA - XSS Reflected
XSS yourself
Beginner level
Damn Vulnerable Web App - Beginner