Security Vulnerability Lab Docker Installation Series: DVWA

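DVWA (Damn Vulnerable Web Application) is a PHP/MySQL web application for security vulnerability assessment. It aims to give security professionals a legal environment in which to test their skills and tools, and to help web developers better understand the process of securing web applications.

Included vulnerabilities: brute force, command injection, CSRF, file inclusion, file upload, insecure CAPTCHA, SQL injection, XSS

The installation steps are as follows:

Step 1: Search for the image you want: docker search dvwa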

docker search dvwa
NAME                                 DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
citizenstig/dvwa                     Docker container for Damn Vulnerable Web App    68                   [OK]
sagikazarmark/dvwa                   DVWA (Damn Vulnerable Web Application) Docke    13                   [OK]
infoslack/dvwa                                                                       12                   [OK]
cytopia/dvwa                         DVWA (Damn Vulnerable Web Application) with     9
astronaut1712/dvwa                   Docker for DVWA LAB: https://github.com/Rand…   5                    [OK]
utspark/dvwa_frontend                                                                3
liniker/dvwa                         DVWA                                            2
benoitg/dvwa                         Damn Vulnerable Web Application https://gith…   2                    [OK]
cyberxsecurity/dvwa                                                                  2
acgpiano/dvwa                        latest dvwa                                     2
jechoi/dvwa                          Instantly runnable DVWA to practice web atta…   1
imfht/dvwa-nologin                   dvwa without login                              1
santosomar/dvwa                      DVWA Container for Cybersecurity Training       1
mlinarik/dvwa                                                                        0
waiyanwinhtain/dvwa                                                                  0
vladvantaroo/dvwa                    just dvwa                                       0
qeaccelerators/dvwa_app_dockerized                                                   0
rbenavente/dvwa-fargate                                                              0
howiehowerton/dvwa-howie                                                             0
aracloud/dvwa                                                                        0
scotty2hotty/dvwa                                                                    0
vulfocus/dvwa                                                                        0
bennalp/dvwa                                                                         0
c0ny1/dvwa                           dvwa镜像

Step 2: Choose the citizenstig/dvwa image and download it

docker pull citizenstig/dvwa

docker pull citizenstig/dvwa
Using default tag: latest
latest: Pulling from citizenstig/dvwa
8387d9ff0016: Pull complete
3b52deaaf0ed: Pull complete
4bd501fad6de: Pull complete
a3ed95caeb02: Pull complete
790f0e8363b9: Pull complete
11f87572ad81: Pull complete
341e06373981: Pull complete
709079cecfb8: Pull complete
55bf9bbb788a: Pull complete
b41f3cfd3d47: Pull complete
70789ae370c5: Pull complete
43f2fd9a6779: Pull complete
6a0b3a1558bd: Pull complete
934438c9af31: Pull complete
1cfba20318ab: Pull complete
de7f3e54c21c: Pull complete
596da16c3b16: Pull complete
e94007c4319f: Pull complete
3c013e645156: Pull complete
7b3eb1ac6cfe: Pull complete
Digest: sha256:1c0ab894f0bf41351519c8388a282c0a178216e9ce8f0399a162472070379dc6
Status: Downloaded newer image for citizenstig/dvwa:latest
docker.io/citizenstig/dvwa:latest

Step 3: Start the Docker container

Map the web port to 9001 on the host and the MySQL database port to 13306

    docker run --name dvwa -d -p 9001:80 -p 13306:3306 citizenstig/dvwa
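
The `-p 9001:80 -p 13306:3306` form above publishes both ports on every host interface, so the deliberately vulnerable application and its MySQL port are reachable from the network the host sits on. The check below is an added example, not part of the original post: it parses `docker ps` port listings (the sample lines are constructed) and reports every mapping that is not bound to loopback; the function names `exposed_bindings` and `audit` and the container name `dvwa-local` are assumptions.

```shell
#!/bin/sh
# Added example: report lab-container ports published beyond loopback.

# Constructed sample in the format printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Line 1: the step 3 command as written; line 2: a loopback-only variant.
SAMPLE_PS=$(printf '%s\t%s\n%s\t%s' \
  'dvwa' '0.0.0.0:9001->80/tcp, :::9001->80/tcp, 0.0.0.0:13306->3306/tcp, :::13306->3306/tcp' \
  'dvwa-local' '127.0.0.1:9001->80/tcp, 127.0.0.1:13306->3306/tcp')

# exposed_bindings: read "name<TAB>ports" lines on stdin and print one
# "name mapping" line for each published port not bound to loopback.
exposed_bindings() {
    awk -F '\t' '{
        n = split($2, maps, ", *")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (m !~ /->/) continue        # exposed but not published, e.g. "3306/tcp"
            if (m ~ /^127\./) continue     # IPv4 loopback
            if (m ~ /^\[?::1\]?:/) continue  # IPv6 loopback
            print $1, m
        }
    }'
}

# audit: print offending mappings and return 1 if any exist, else return 0.
audit() {
    out=$(exposed_bindings)
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Loopback-only form of the step 3 command (shown for reference, not executed):
#   docker run --name dvwa -d -p 127.0.0.1:9001:80 -p 127.0.0.1:13306:3306 citizenstig/dvwa

# Live use: docker ps --format '{{.Names}}\t{{.Ports}}' | audit
printf '%s\n' "$SAMPLE_PS" | audit || echo "lab container is reachable from the network"
```

With the loopback-only form, the page in step 4 is opened as http://127.0.0.1:9001 on the Docker host itself.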

Step 4: Open DVWA and initialize the system

http://ip:9001

Click Create/Reset Database to initialize the database

Log in to the system; the default username and password are admin and password

Installation is complete; carry on with your security journey