I had a really fun time testing the bWAPP web application modules created by Malik at MME IT.
As I was working through the application, I found myself getting stuck in a few areas and decided to take to the Internet to find some help. Technical solutions typically exist for most vulnerable machines or applications; however, I noticed that there was a limited number of walkthroughs available for bWAPP. So to help aid people who may be stuck, I decided to create some walkthroughs for the following areas:
A1: Injection
A2: Broken Authentication
A4: Insecure Direct Object References
A6: Sensitive Data Exposure
A7: Missing Functional Level Access Control
For me, the goal wasn’t to complete a walkthrough of every possible module in bWAPP, but just the areas which I found more interesting than others. Hopefully these help someone in need :)