Getting infrastructure deployed and configured correctly has been one of the most time consuming things when demonstrating the cybersecurity attack chain.

The primary goal was to deploy this in a Docker container. Reason being it is infrstructure that is not needed all the time, and may need to move from a laptop, to Google Cloud Platform, to Azure, etc.

Option 1 - Run the Built Container

From a security perspective it is not a great idea to use an already built container as you have no idea how it was built or if any backdoor or data exfiltration configurations are pre-built.

That being said, this particular container is maintained by the the site owner. The source control link on http://www.dvwa.co.uk/ leads to a Github repository. That Github repository references this prebuilt container on Docker Hub.

Download the container, and run it

docker run --rm -it -p 80:80 vulnerables/web-dvwa

Option 2 - Build a Docker Container

Get it here, https://github.com/digininja/DVWA.


Option 3 - Build Your Own

You can easily interpret the Dockerfile to deploy all of the software and configurations manually on a host.