• Home
  • About
User's profile
Matty Published on Apr 17 • 3 min read

Cybersecurity Beginner's Guide: Build Your Own Vulnerable Lab in 5 Minutes (DVWA + More)

In cybersecurity learning and hands-on training, a cyber range is a must-have environment. It simulates real-world attack and defense scenarios for penetration testing, vulnerability analysis, and security education.
🧩What Is a Cyber Range?
A standard cyber range typically includes the following components:
Vulnerable applications (e.g., DVWA, bWAPP)
Runtime stack (PHP, MySQL, Nginx, Node.js)
Database systems **for testing SQLi and auth flaws
**Testing tools like Burp Suite, sqlmap, nmap
Management middleware such as phpMyAdmin
✅Why it matters:
Safe & legal: No risk of harming real systems

Hands-on debugging: You can break, analyze, and fix freely

Completely offline: **No dependency on the internet

**Practical experience: **Setting it up is already real-world practice
**Step 1: Use ServBay to Build a Local Lab (macOS)
ServBay is a lightweight local dev environment for macOS. It bundles PHP, MySQL, Nginx, and more.
Quick Setup:

  1. Download from https://www.servbay.com/

Image description
2.Download and start MySQL database

Image description
Start the most needed server, here I choose Nginx.

Image description
Step 2: Deploy DVWA (Damn Vulnerable Web App)
DVWA is a classi learning platform containing common vulnerabilities like XSS, SQLi, CSRF, and file upload flaws.
✓Installation Steps:https://github.com/digininja/DVWA.git
1.Move DVWA into ServBay’s root directory (/Applications/ServBay/www/)
Then modify the config.inc.php.dist file suffix to config.inc.php, and modify the database user name and password. Other configurations do not need to be changed.

Image description
2.Configure database:

Image description

Edit config.inc.php:

Image description

3.Visit https://servbay.host/ ,click phpmyadmin, create a dvwa database

Image description

Image description

4.Go to https://dvwa.servbay.test/setup.php and click Create / Reset Database

Image description

5.Default login: admin / password

Image description

6.The building is complete!🎉You can choose a security level (Low / Medium / High / Impossible) and start hacking

Image description
Step 3: 5 More Vulnerable Platforms to Try💡

Image description

🧠Want to go further?
Use Docker Compose to manage multiple platforms
Deploy CTFd to create your own CTF challenge system
Pair with Burp Suite, Wireshark, etc., for deep packet inspection
Regularly update images to match modern threats and CVEs
A 5-Minute Lab Setup is Totally Possible!🎉
ServBay offers a fast, reliable, and developer-friendly way to build a local cybersecurity lab on macOS. Paired with DVWA and other recommended platforms, this environment will help you gain a strong foundation in web security testing and prepare you for future CTFs, internships, and red/blue team scenarios.