bWAPP, or a buggy web application, is a deliberately insecure web application. bWAPP helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.

bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux and Windows.


1. Download the main file

2. make a directory in /var/www/html and unzip the downloaded file there

  • sudo mkdir /var/www/html/bWAPP
  • sudo mv /var/www/html/bWAPP/
  • cd /var/www/html/bWAPP/
  • ls
  • sudo unzip

3. Having all the files extracted navigate to ./bWAPP/admin

  • cd bWAPP/admin/
  • ls

4. Make sure to start apache & mysql services

  • sudo service mysql start
  • sudo service mysql status
  • sudo service apache2 start
  • sudo service apache2 status

5. Modify the SQL credentials in settings.php, credentials used to log in to mysql

  • cat settings.php

Confirm you can log in to mysql, using the same credentials you put on settings.php

  • mysql -u root -p
  • show databases;


If you still have issues you can set the database password by logging into the mysql and run

Change user and password at will

  • ALTER USER 'root'@'localhost' IDENTIFIED BY 'bug';
  • flush privileges;

6. Give full permissions to the following directories documents, images, passwords & logs

  • sudo chmod 777 documents/
  • sudo chmod 777 images/
  • sudo chmod 777 passwords/
  • sudo chmod 777 logs/
  • ls -ld documents images passwords logs

7. Now access the application from the browser. Probably you will face the following error


8. To fix it access /bWAPP/bWAPP/install.php, and, click on “here”


9. After that this message should show

10. Now click on log in to get back to the page where we got the error


11. The credentials are bee/bug

12. There you can do the following

  • Change current password
  • Create a new user
  • Change security level
  • Reset the database
  • Select the instance to test “choose your bugs”