This project demonstrates a complete Web Application Security Assessment of the Damn Vulnerable Web Application (DVWA) while integrating Secure Software Development Life Cycle (SDLC) principles.
Our mission: identify vulnerabilities, strengthen defenses, and embed security into every stage of development.
The objective is to perform a structured security evaluation and code hardening of DVWA, applying industry-standard methodologies such as the OWASP Top 10, STRIDE threat modeling, and secure coding practices.
- Deployed DVWA in a secure lab environment.
- Conducted threat modeling using STRIDE & OWASP methodologies.
- Deliverables: Threat diagrams, asset mapping, data flow classification.
- Performed dynamic testing using Burp Suite and OWASP ZAP.
- Identified critical vulnerabilities (XSS, Injection, IDOR, etc.).
- Deliverables: Vulnerability list, exploit screenshots, and test cases.
- Integrated secure coding practices into DVWA’s source code.
- Conducted peer code reviews and applied security mitigations.
- Deliverables: Before-and-after code comparisons, SDLC policy draft.
- Compiled a detailed final report including all findings, mitigations, and best practices.
- Delivered a presentation showcasing secure coding walkthroughs and test results.
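As an added illustration of the before-and-after code comparisons produced in the code-hardening phase (example code written for this README, not the project's own changes or DVWA's actual source), the following shows a DVWA-style PHP user lookup in its injectable form beside a hardened version that validates the input, binds it as a query parameter, and HTML-encodes the output. The `users` table, its columns, and the `mysqli` connection are assumed.

```php
<?php
// BEFORE (vulnerable, DVWA "low"-style): the id parameter is concatenated
// straight into the SQL string and database values are echoed unescaped,
// so the same handler is exposed to both SQL injection and reflected/stored XSS.
function lookup_user_vulnerable(mysqli $db, string $id): string
{
    $query  = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
    $result = mysqli_query($db, $query);
    $html   = '';
    while ($row = mysqli_fetch_assoc($result)) {
        $html .= "<pre>ID: {$id}<br />First name: {$row['first_name']}"
               . "<br />Surname: {$row['last_name']}</pre>";
    }
    return $html;
}

// AFTER (hardened): allow-list the input type, bind it as a parameter so the
// query structure can never change, and encode every value before it reaches HTML.
function lookup_user_hardened(mysqli $db, string $id): string
{
    // Input validation: user_id is an integer column; reject anything else early.
    if (!ctype_digit($id)) {
        return '<pre>Invalid ID.</pre>';
    }
    $uid  = (int) $id; // bind_param() needs a variable to bind by reference
    $stmt = $db->prepare('SELECT first_name, last_name FROM users WHERE user_id = ?');
    $stmt->bind_param('i', $uid);
    $stmt->execute();
    $result = $stmt->get_result(); // requires the mysqlnd driver (PHP default)
    $html   = '';
    while ($row = $result->fetch_assoc()) {
        // Output encoding: contextual escaping for an HTML body context.
        $first = htmlspecialchars($row['first_name'], ENT_QUOTES, 'UTF-8');
        $last  = htmlspecialchars($row['last_name'], ENT_QUOTES, 'UTF-8');
        $html .= "<pre>ID: {$uid}<br />First name: {$first}<br />Surname: {$last}</pre>";
    }
    $stmt->close();
    return $html;
}
```

The hardened form also makes a good regression test case for the dynamic-testing phase: the same Burp Suite or ZAP payloads that succeed against the first function should produce only the "Invalid ID." response or encoded output against the second.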
- DVWA – Target web app
- Burp Suite / OWASP ZAP – Vulnerability scanning
- OWASP Top 10 – Security standards
- STRIDE – Threat modeling framework
- GitHub – Version control and documentation
- Threat model diagrams
- Vulnerability report & exploit documentation
- Secure code samples
- Final report & presentation
- Improved understanding of real-world web app vulnerabilities.
- Practical implementation of secure SDLC methodologies.
- Reinforced team-based collaboration in identifying and mitigating security flaws.
“Cutting through vulnerabilities, one exploit at a time.”
This project is developed for educational and research purposes only.
Use responsibly and ethically. ⚖️