[Purpose] With the popularization of software and the Internet, people pay more and more attention to the security of the Web system. Software security vulnerabilities have strong concealment. Once the Web system is attacked, it will cause incalculable losses to enterprises and individual users. How to understand the root causes of various software security vulnerabilities, and how to find software security vulnerabilities in order to improve the security of software systems is a very important topic in software development. [Methods] DVWA (Damn Vulnerable Web App) can help people understand various software security vulnerabilities. By using DVWA, people can understand various types of Web system software security vulnerabilities, as well as different levels of vulnerability prevention methods. [Conclusion] The experimental results show that DVWA provides a testing environment for various Web system security vulnerabilities, covers typical types of vulnerabilities, is easy to understand and use, and can effectively help developers improve the security of Web systems.