DEV Community

Matty
Matty

Posted on

Cybersecurity Beginner's Guide: Build Your Own Vulnerable Lab in 5 Minutes (DVWA + More)

In cybersecurity learning and hands-on training, a cyber range is a must-have environment. It simulates real-world attack and defense scenarios for penetration testing, vulnerability analysis, and security education.
🧩What Is a Cyber Range?
A standard cyber range typically includes the following components:
Vulnerable applications (e.g., DVWA, bWAPP)
Runtime stack (PHP, MySQL, Nginx, Node.js)
Database systems **for testing SQLi and auth flaws
**Testing tools
like Burp Suite, sqlmap, nmap
Management middleware such as phpMyAdmin
✅Why it matters:
Safe & legal: No risk of harming real systems

Hands-on debugging: You can break, analyze, and fix freely

Completely offline: **No dependency on the internet

**Practical experience: **Setting it up is already real-world practice
**Step 1: Use ServBay to Build a Local Lab (macOS)

ServBay is a lightweight local dev environment for macOS. It bundles PHP, MySQL, Nginx, and more.
Quick Setup:

  1. Download from https://www.servbay.com/

Image description
2.Download and start MySQL database

Image description
Start the most needed server, here I choose Nginx.

Image description
Step 2: Deploy DVWA (Damn Vulnerable Web App)
DVWA is a classi learning platform containing common vulnerabilities like XSS, SQLi, CSRF, and file upload flaws.
✓Installation Steps:https://github.com/digininja/DVWA.git
1.Move DVWA into ServBay’s root directory (/Applications/ServBay/www/)
Then modify the config.inc.php.dist file suffix to config.inc.php, and modify the database user name and password. Other configurations do not need to be changed.

Image description
2.Configure database:

Image description

Edit config.inc.php:

Image description

3.Visit https://servbay.host/ ,click phpmyadmin, create a dvwa database

Image description

Image description

4.Go to https://dvwa.servbay.test/setup.php and click Create / Reset Database

Image description

5.Default login: admin / password

Image description

6.The building is complete!🎉You can choose a security level (Low / Medium / High / Impossible) and start hacking

Image description
Step 3: 5 More Vulnerable Platforms to Try💡

Image description

🧠Want to go further?
Use Docker Compose to manage multiple platforms
Deploy CTFd to create your own CTF challenge system
Pair with Burp Suite, Wireshark, etc., for deep packet inspection
Regularly update images to match modern threats and CVEs
A 5-Minute Lab Setup is Totally Possible!🎉
ServBay offers a fast, reliable, and developer-friendly way to build a local cybersecurity lab on macOS. Paired with DVWA and other recommended platforms, this environment will help you gain a strong foundation in web security testing and prepare you for future CTFs, internships, and red/blue team scenarios.

Top comments (3)

Collapse
 
terminaltools profile image
Stephano Kambeta

Thanks for this

Collapse
 
inng_l_c5743ef9cb6934cb62 profile image
inng L

perfect!

Collapse
 
platypus98 profile image
Platypus

Perfect timing! I was just looking for some cybersecurity tutorials recently.

Some comments may only be visible to logged-in visitors. Sign in to view all comments.