Building a Home Lab for Web App Pentesting
This is a sample writeup. Replace it with real notes, or delete it — new posts are just markdown files dropped into
src/content/writeups/.
Goal
Keep a disposable, network-isolated environment for testing intentionally vulnerable apps (e.g. DVWA, juice-shop) without touching the host network.
Setup
- A dedicated VM host (or an internal-only container network) with no bridge to the LAN: targets get no route out, and nothing on the LAN gets a route in.
- A proxy (Burp/Caido) sitting between the browser and the target.
- Snapshots before every test run, so the environment resets to a known state.
Notes
- Keep target versions pinned — reproducing a finding later depends on it.
- Log requests/responses as you go; write the “why”, not just the “what”, while it’s fresh.
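The Setup and Notes above as one runnable script, added here as an example (it is not part of the original post). It assumes Docker Engine with the compose plugin on the VM host, uses mitmproxy as a stand-in for Burp/Caido because it ships as a container, and limits the targets to OWASP Juice Shop; the paths and the `pentestlab` project name are made up for the example. The targets sit on an `internal` Docker network (no egress), only the proxy also sits on a routable network and publishes its ports on loopback, and since the host can reach a target only through the proxy, every request is logged by construction. Image references are refused unless pinned by digest.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes Docker Engine plus the
# compose plugin on the VM host; the host browser uses 127.0.0.1:8080 as its
# HTTP proxy and opens http://juice-shop:3000/ (resolved by the proxy container).
set -eu

LAB_DIR="${LAB_DIR:-$HOME/pentest-lab}"   # hypothetical location

# Refuse any image reference that is not pinned by digest: tags move, digests
# do not, and reproducing a finding later depends on the exact build.
check_pinned() {
  printf '%s\n' "$1" | grep -Eq '@sha256:[0-9a-f]{64}$' && return 0
  echo "unpinned image reference: $1" >&2
  return 1
}

# Resolve a moving tag to the digest you actually pulled (needs Docker).
resolve_digest() {
  docker pull --quiet "$1" >/dev/null
  docker inspect --format '{{index .RepoDigests 0}}' "$1"
}

# Write compose.yaml: targets live on the `lab` network, which is internal
# (no route out); only the proxy also joins `edge` and publishes ports, bound
# to loopback so nothing else on the LAN can reach the lab. Prints the path.
write_compose() {
  juice="$1"; proxy="$2"
  check_pinned "$juice" || return 1
  check_pinned "$proxy" || return 1
  mkdir -p "$LAB_DIR/flows"
  cat > "$LAB_DIR/compose.yaml" <<EOF
name: pentestlab
services:
  juice-shop:
    image: $juice
    networks: [lab]
  proxy:
    image: $proxy
    # -w streams every flow to the bind-mounted host directory, so the
    # request/response log survives a reset of the containers.
    command: mitmweb --web-host 0.0.0.0 -w /flows/run.mitm
    ports:
      - "127.0.0.1:8080:8080"   # proxy listener for the host browser
      - "127.0.0.1:8081:8081"   # mitmweb UI (URL with its token is in the log)
    volumes:
      - ./flows:/flows
    networks: [lab, edge]
networks:
  lab:
    internal: true   # no egress: targets cannot reach the LAN or the internet
  edge: {}
EOF
  printf '%s\n' "$LAB_DIR/compose.yaml"
}

lab_up() {
  j=$(resolve_digest bkimminich/juice-shop:latest)
  p=$(resolve_digest mitmproxy/mitmproxy:latest)
  write_compose "$j" "$p" >/dev/null
  docker compose -f "$LAB_DIR/compose.yaml" up -d
}

# The container equivalent of restoring a snapshot: discard all state and
# re-create from the pinned images. ./flows on the host is kept; copy it
# aside first if you want one flow file per run.
lab_reset() {
  docker compose -f "$LAB_DIR/compose.yaml" down --volumes --remove-orphans
  docker compose -f "$LAB_DIR/compose.yaml" up -d
}

# Check after `up`: a throwaway probe on the lab network must fail to reach
# the outside world. Network name is <project>_<network> = pentestlab_lab.
lab_check_isolation() {
  if docker run --rm --network pentestlab_lab busybox \
       wget -q -T 5 -O /dev/null http://example.com/ 2>/dev/null; then
    echo "probe reached the outside world: lab is NOT isolated" >&2
    return 1
  fi
  echo "ok: lab network has no egress"
}

case "${1:-}" in
  up)    lab_up ;;
  reset) lab_reset ;;
  check) lab_check_isolation ;;
  *)     ;;   # no verb: only define the functions (e.g. when sourced)
esac
```

Run `sh lab.sh up`, then `sh lab.sh check` before the first request, and `sh lab.sh reset` between test runs; the flow file under `$LAB_DIR/flows` is the request/response log to annotate while the "why" is still fresh.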