1
00:00:00,850 --> 00:00:04,450
As the target systems, we will use a few devices.

2
00:00:04,450 --> 00:00:09,700
One of the target devices will be OWASP Broken Web Applications, or BWA.

3
00:00:10,710 --> 00:00:16,200
Broken Web Applications is a virtual machine that hosts a lot of applications prepared for training

4
00:00:16,200 --> 00:00:17,070
purposes.

5
00:00:17,250 --> 00:00:25,530
These apps intentionally have a lot of vulnerabilities and could also be accessed from a main page.

6
00:00:25,650 --> 00:00:31,980
The virtual machine is prepared by OWASP, the Open Web Application Security Project, which is one of the

7
00:00:31,980 --> 00:00:36,930
most important communities around in the application security market.

8
00:00:39,200 --> 00:00:41,690
So I'm now on my host machine.

9
00:00:41,690 --> 00:00:42,920
It's a MacBook.

10
00:00:43,940 --> 00:00:51,020
Open a web browser and Google for "broken web applications".

11
00:00:51,050 --> 00:00:52,520
Those are my keywords.

12
00:00:53,060 --> 00:01:01,880
The first website is the official website of the Broken Web Applications project, hosted under the owasp.org

13
00:01:01,910 --> 00:01:02,620
domain.

14
00:01:02,630 --> 00:01:03,890
So let's click it.

15
00:01:04,750 --> 00:01:07,720
Now, this is the web page of Broken Web Applications.

16
00:01:07,750 --> 00:01:10,030
I'll call it BWA from now on.

17
00:01:10,600 --> 00:01:15,670
So there are some explanations about this project here, so you can read them if you want.

18
00:01:15,670 --> 00:01:22,480
But over here on the right hand side, we have "Download the latest release", so click on that.

19
00:01:23,540 --> 00:01:27,590
Now we're directed to the SourceForge website.

20
00:01:28,820 --> 00:01:31,970
So these are the side effects of GDPR.

21
00:01:32,800 --> 00:01:36,280
We'll have to see a lot more approval pages like this one.

22
00:01:37,620 --> 00:01:43,680
Okay, so these are all the releases of the project, and the latest version is right here at the top.

23
00:01:44,550 --> 00:01:45,600
So click on it.

24
00:01:45,600 --> 00:01:53,820
And now I have three different options to download the file, the zip file and a .7z file.

25
00:01:54,300 --> 00:02:01,890
Now, an OVA file is a virtual appliance used by virtualization applications such as VMware and Oracle

26
00:02:01,890 --> 00:02:02,880
VirtualBox.

27
00:02:02,910 --> 00:02:07,590
It's a package that contains files used to describe a virtual machine.

28
00:02:08,190 --> 00:02:16,140
Zip and 7z are the archive files, and they contain the exact same VM, so you can download any one

29
00:02:16,140 --> 00:02:19,110
of them, where the 7z file is smaller.

30
00:02:19,800 --> 00:02:24,510
Okay, so I want to download the 7z file, which is the most popular one already.

31
00:02:24,540 --> 00:02:29,460
So click on the link and the download will start in just a couple of seconds.

32
00:02:29,460 --> 00:02:30,390
There we go.

33
00:02:41,530 --> 00:02:42,670
And the download is finished.

34
00:02:42,670 --> 00:02:47,030
So now I have an OWASP BWA archive file.

35
00:02:47,050 --> 00:02:51,050
So I'll open it with an unarchiver and double click.

36
00:02:51,070 --> 00:02:53,680
And here are the files inside the archive.

37
00:02:54,360 --> 00:02:57,780
So I already have the VM, so I won't extract it again.

38
00:02:58,050 --> 00:03:00,900
When you extract it, you will have a folder like this.

39
00:03:01,750 --> 00:03:05,830
So go to the folder, and here are the files of the virtual machine.

40
00:03:06,730 --> 00:03:11,740
If you run the VM file (double click), the VM starts.

41
00:03:11,950 --> 00:03:17,280
If it's the first run, it asks you whether you moved it or copied it.

42
00:03:17,290 --> 00:03:20,200
Select "copied" and continue.

43
00:03:21,690 --> 00:03:22,110
Right.

44
00:03:22,110 --> 00:03:27,720
So while the VM is starting, let's have a look at its settings by clicking this button.

45
00:03:28,570 --> 00:03:30,250
Click here to look at the memory.

46
00:03:30,370 --> 00:03:33,520
1024 MB of RAM is recommended.

47
00:03:34,240 --> 00:03:37,630
Click "Show All" to turn back to the settings.

48
00:03:37,930 --> 00:03:44,200
Network settings are here, so my VM is in an unrecognized network mode.

49
00:03:44,230 --> 00:03:45,580
Don't pay any attention to that.

50
00:03:45,580 --> 00:03:48,450
Your VM is probably in NAT mode by default.

51
00:03:48,460 --> 00:03:54,760
I choose "Share with my Mac" so that I can use the VM in NAT mode.

52
00:03:56,460 --> 00:04:00,060
So now the VM has started and we're ready to log in.

53
00:04:00,640 --> 00:04:05,710
It has a root user with the password "owaspbwa" by default.

54
00:04:06,010 --> 00:04:11,020
I haven't changed it before, so I'll log into the VM by using this credential.

55
00:04:12,890 --> 00:04:17,480
ifconfig, to check if it has got an IP address, and there it is.

56
00:04:17,480 --> 00:04:18,740
So yes, it has.

57
00:04:19,260 --> 00:04:21,600
Now ping a system on the internet.

58
00:04:21,779 --> 00:04:23,430
Google DNS, for example.

59
00:04:23,460 --> 00:04:25,010
8.8.8.8.

60
00:04:25,630 --> 00:04:27,700
And we'll receive the replies.

61
00:04:27,940 --> 00:04:33,600
So it seems everything's fine and we're ready to use the OWASP Broken Web Applications VM.