DIWA is a Deliberately Insecure Web Application, built for educational purposes. Use DIWA to try out common web application security flaws such as:
- SQL Injection
- XSS (Cross-Site Scripting)
- CSRF (Cross-Site Request Forgery)
- Session Hijacking
- Session Fixation
- Content Spoofing
- Missing Function Level Access Control
- Path Traversal
- Sensitive Data Exposure
- Brute Force Attacks
- and more ...
Since DIWA contains many security holes that let an attacker compromise the web space or web server it runs on, make sure it is accessible only to yourself or to the people you intend to use it.
Feel free to fork DIWA or open pull requests on GitHub.
Please use our GitHub project to report issues.
See LICENSE.md