Introduction

Setting up a Web Application Vulnerability Testing Environment helps you make fuller use of vMaxGuard's Web Application & API Protection (WAAP) capabilities. This isolated environment allows security teams to simulate attack scenarios such as SQL injection, cross-site scripting (XSS), and authentication bypass without affecting production systems.

This setup facilitates:

  • Validation of vMaxGuard's detection, mitigation, and analytics accuracy.
  • Fine-tuning of WAF rules, rate limiting, and threat signatures.
  • Verification of policy coverage for both known and custom application behaviours.

DVWA (Damn Vulnerable Web Application)

  • PHP/MySQL application with multiple vulnerability levels.
  • Focus: XSS, SQLi, CSRF, file inclusion.
  • Suitable for testing WAAP/WAF response to common attacks.
  • Repository: DVWA GitHub

bWAPP (buggy Web Application)

  • Over 100 vulnerabilities, including the OWASP Top 10.
  • Suitable for comprehensive security policy testing.
  • Download: Official bWAPP Site

OWASP Juice Shop

  • Single-page app (Node.js/Angular) with both visible and hidden vulnerabilities.
  • Suitable for testing WAAP analytics and modern security features.
  • Documentation: OWASP Juice Shop