Title: Vulnerability Scanner using DVWA Testing Command Injection, SQL Injection, CSRF, XSS, and Brute Force

Poster


Abstract

Modern web applications are increasingly exposed to security threats that exploit common vulnerabilities. This project presents the development of a Python-based automated vulnerability scanner designed to detect five critical web security flaws: Command Injection, SQL Injection, Cross-Site Request Forgery (CSRF), Brute Force attacks, and DOM-based Cross-Site Scripting (XSS). To test these vulnerabilities safely, the Damn Vulnerable Web Application (DVWA) was used as a controlled environment. The scanner interacts with DVWA by sending requests that simulate malicious behavior and analyzes responses to determine exploit success. For example, command injection was identified by detecting unintended command execution results, while SQL Injection was verified through login bypasses. CSRF and Brute Force detection relied on session manipulation and repeated login attempts, respectively, and DOM-based XSS was confirmed via JavaScript payload execution. The project demonstrates how web applications respond differently to the same input depending on their security settings, emphasizing the importance of input validation, token checks, and request lifecycle awareness.

Authors

Jameson Dunsford

File Count: 1





Submission Details

Conference URC
Event Interdisciplinary Science and Engineering (ISE)
Department Computer Science (ISE)
Group Infrastructure
Added April 22, 2025, 11:23 a.m.
Updated April 22, 2025, 11:23 a.m.