OWASP BWA is hosted in SourceForge, a popular repository for open source projects. The following steps will help us in creating a vulnerable virtual machine:
- Go to http://sourceforge.net/projects/owaspbwa/files/ and download the latest release of the .ova file. At the time of writing, it is OWASP_Broken_Web_Apps_VM_1.2.ova:
- Wait for the download to finish and then open the file.
- VirtualBox's import dialog will launch. If you want to change the machine's name or description, you can do so by double-clicking on the values. Here, you can change the name and options for the virtual machine; we will leave them as they are. ...