
Building a Home Lab for Web App Pentesting

Tags: homelab, web-security, notes

This is a sample writeup. Replace it with real notes, or delete it — new posts are just markdown files dropped into src/content/writeups/.

Goal

Keep a disposable, network-isolated environment for testing intentionally vulnerable apps (e.g. DVWA, juice-shop) without touching the host network.

Setup

  1. A dedicated VM host (or a container network) with no bridge to the LAN.
  2. A proxy (Burp/Caido) sitting between the browser and the target.
  3. Snapshots before every test run, so the environment resets to a known state.

Notes

  • Keep target versions pinned — reproducing a finding later depends on it.
  • Log requests/responses as you go; write the “why”, not just the “what”, while it’s fresh.
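One concrete way to get the isolated target, the single proxy path and the pinned versions from the Setup steps and Notes above, as an added example (not part of this writeup): a Compose file where the target sits on an `internal` network with no egress, and the only way in is a socat forwarder bound to the host loopback, which the Burp/Caido instance on the host then talks to. The image tags are placeholders; pin the releases you actually test against.

```yaml
# docker-compose.yml (added example, not from the original writeup)
# Assumptions: image tags below are PLACEHOLDERS; the proxy (Burp/Caido)
# runs on the host and the browser points at it, so only the proxy ever
# reaches the forwarder on 127.0.0.1:3000.
services:
  juice-shop:
    image: bkimminger/juice-shop:vX.Y.Z   # PLACEHOLDER tag: pin a real release
    networks:
      - lab-internal                      # isolated network only: no route to LAN or internet
    # deliberately no `ports:` here: the target is never published directly

  # The one explicit way in: socat bridges the isolated network and the host
  # loopback. The target itself still has no outbound route.
  ingress:
    image: alpine/socat:X.Y.Z             # PLACEHOLDER tag
    command: TCP-LISTEN:3000,fork,reuseaddr TCP:juice-shop:3000
    ports:
      - "127.0.0.1:3000:3000"             # loopback only; nothing on the LAN can reach it
    networks:
      - lab-internal
      - lab-edge
    depends_on:
      - juice-shop

networks:
  lab-internal:
    internal: true                        # Docker adds no NAT or forwarding; egress is dropped
  lab-edge:
    driver: bridge                        # normal bridge, used only by the forwarder
```

`docker compose down -v && docker compose up -d` is the container equivalent of restoring a snapshot: the target comes back at its pinned version with fresh state. After bringing it up, exec into the target and attempt any outbound connection; it must fail, otherwise the isolation is not doing its job.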