RandomStorm acquisition of DVWA open source web application enables security professionals to fine tune their vulnerability testing skills in a legal environment

27 January 2010

RandomStorm has announced the acquisition of Damn Vulnerable Web App (DVWA) the open source web application widely used by security professionals to fine tune their vulnerability testing skills in a legal environment.

DVWA is an open source PHP/MySQL web application that has been developed by the leading security blogger and ethical hacker, Ryan Dewhurst, to deliberately include a wide range of design errors and coding vulnerabilities; if found in a live environment these vulnerabilities could be exploited by real hackers, posing a serious security threat to the network.

Security professionals and Web developers are able to freely use DVWA to help build a better understanding of the process of securing Web applications and as a training aid for Pen testers and other ethical hackers without breaking the law.

As part of the acquisition agreement Ryan will join the RandomStorm development team, providing expert consultancy services and continuing to work on the development of the Damn Vulnerable Web application as well as a range of other open source test applications that are in the pipeline.

The acquisition is part of RandomStorm’s strategic development plans which aims to position the company as a single point of contact for the full range of specialist testing and monitoring tools needed to help manage the security posture of the corporate IT infrastructure in line with the current compliance regulations including PCI DSS and the Government Connect CoCo standard.

Established in 2007, RandomStorm’s own integrated suite of agile vulnerability scanning products and services, widely used by major businesses and public sector organisations, enable network managers to automate their LAN, WAN and WLAN network vulnerability management programmes with minimum human intervention. Including real-time vulnerability and IDS information the RandomStorm technology provides a 24/7 early warning system of genuine threats to the network in time to take preventive action.

Andrew Mason, RandomStorm’s founder and Chief Technologist said “Our aim is become synonymous with all aspects of managing network vulnerability and a first port of call for security professionals looking for the tools they need to keep one step ahead of the hackers. DVWA adds a new dimension to our core products and services that will help us to strengthen our growing reputation in our specialist sector of the market and open up new opportunities beyond the UK and Europe.”

Author of DVWA, Ryan Dewhurst commented “RandomStorm has become widely recognised in the professional security sector as thought leaders in the vulnerability management space, DVWA is a natural fit with its other specialist scanning technology and with their backing the aim is for it to become even more widely available to the testing community.”