
I have heard Xampp is not safe and has a lot of security loopholes. What steps need to be taken to close the loopholes? Is it better if I use a VM instead? I am new to Security Testing and want to learn using DVWA. Kindly provide some feedback...

Rishikesh
  • "Is it better if I use a VM instead?" Definitely. It is usually best practice to do assessment work/practice on a VM that you can easily restore. It's also good practice to not have this VM exposed to the internet. – Henry F Jun 05 '18 at 08:01

1 Answer

Is it safe to install Xampp to learn Security and Penetration testing using DVWA?

You can make it safe(r) by:

Configure Apache and MySQL to listen only on 127.0.0.1.

  • Apache

    Edit the file C:\xampp\apache\conf\httpd.conf and change Listen 80 to Listen 127.0.0.1:80

  • MySQL

    Edit the file C:\xampp\mysql\bin\my.ini and make sure that the bind-address is set to 127.0.0.1

Configure the firewall to block TCP port 80

Use the Windows firewall to block incoming requests to TCP port 80.

Jeroen
  • What if I used another port for xampp instead of port 80? Will that be useful? – Rishikesh Jun 05 '18 at 08:53
  • @Rishikesh Well in that case common sense should be used, right? – Jeroen Jun 05 '18 at 09:07
  • Binding only to localhost would still leave it vulnerable to cross-site requests (CSRF). An attacker can perform a request to the vulnerable applications running on localhost from his website. – Sjoerd Jun 05 '18 at 09:13
  • @Sjoerd While this is very true, what do you consider the likelihood of this happening? – Jeroen Jun 05 '18 at 09:24