DVWA - File Inclusion (Apr 16, 2018). Tags: File Inclusion, OWASP, web app testing. LFI & RFI are commonly found in poorly written PHP code and allow an attacker to include a local or remote PHP file into the webservers running
CSRF - Cross Site Request Forgery (Apr 16, 2018). Tags: OWASP, web app testing, CSRF. CSRF refers to an attack against authenticated web applications using cookies, wherein an attacker is able to trick a victim into making a request that
XSS - Cross Site Scripting (Apr 13, 2018). Tags: OWASP, web app testing, XSS. XSS is an input validation weakness which allows an attacker to inject a payload into a response from the application. When the payload can be included
XXE - XML External Entity (Apr 13, 2018). Tags: OWASP, web app testing, XXE. The XML External Entity (XXE) attack is a type of attack against an application that parses XML input. An XXE attack typically occurs when XML
Unrestricted File Upload (Apr 13, 2018). Tags: OWASP, web app testing, File Upload. Many web applications allow users to upload content. The content may be images, Word documents, audio and video files, etc. This upload facility, however, exposes