DVWA - File upload
Send files to get some shells
Send files to get some shells
Direct access to hidden assets
Manipulate your targets
Find the password
Extract the database by changing your username
Think outside the box when passing parameters
Discover how third party code can get you pwned
Explore the limits of client side controls
Get in the dev’s mindset to access the assets
Under the dom
First attacks with Burp
First launch of Burp Suite
Run DVWA with Docker
Store scripts in unusual places
XSS yourself