In cybersecurity learning and hands-on training, a cyber range is a must-have environment. It simulates real-world attack and defense scenarios for penetration testing, vulnerability analysis, and security education.
🧩What Is a Cyber Range?
A standard cyber range typically includes the following components:
Vulnerable applications (e.g., DVWA, bWAPP)
Runtime stack (PHP, MySQL, Nginx, Node.js)
Database systems **for testing SQLi and auth flaws
**Testing tools like Burp Suite, sqlmap, nmap
Management middleware such as phpMyAdmin
✅Why it matters:
Safe & legal: No risk of harming real systems
Hands-on debugging: You can break, analyze, and fix freely
Completely offline: **No dependency on the internet
**Practical experience: **Setting it up is already real-world practice
**Step 1: Use ServBay to Build a Local Lab (macOS)
ServBay is a lightweight local dev environment for macOS. It bundles PHP, MySQL, Nginx, and more.
Quick Setup:
- Download from https://www.servbay.com/
2.Download and start MySQL database
Start the most needed server, here I choose Nginx.
Step 2: Deploy DVWA (Damn Vulnerable Web App)
DVWA is a classi learning platform containing common vulnerabilities like XSS, SQLi, CSRF, and file upload flaws.
✓Installation Steps:https://github.com/digininja/DVWA.git
1.Move DVWA into ServBay’s root directory (/Applications/ServBay/www/)
Then modify the config.inc.php.dist file suffix to config.inc.php, and modify the database user name and password. Other configurations do not need to be changed.
2.Configure database:
Edit config.inc.php:
3.Visit https://servbay.host/ ,click phpmyadmin, create a dvwa database
4.Go to https://dvwa.servbay.test/setup.php and click Create / Reset Database
5.Default login: admin / password
6.The building is complete!🎉You can choose a security level (Low / Medium / High / Impossible) and start hacking
Step 3: 5 More Vulnerable Platforms to Try💡
🧠Want to go further?
Use Docker Compose to manage multiple platforms
Deploy CTFd to create your own CTF challenge system
Pair with Burp Suite, Wireshark, etc., for deep packet inspection
Regularly update images to match modern threats and CVEs
A 5-Minute Lab Setup is Totally Possible!🎉
ServBay offers a fast, reliable, and developer-friendly way to build a local cybersecurity lab on macOS. Paired with DVWA and other recommended platforms, this environment will help you gain a strong foundation in web security testing and prepare you for future CTFs, internships, and red/blue team scenarios.
Top comments (3)
Thanks for this
perfect!
Perfect timing! I was just looking for some cybersecurity tutorials recently.
Some comments may only be visible to logged-in visitors. Sign in to view all comments.