In this lab you will deploy an unsecure web app into Azure, and then using the Barracuda Web Application Firewall you will secure the application.
To create the environment, you will deploy an Azure Resource Manager template that will build a Virtual Network with two Servers: first a Windows Active Directory Domain Controller on Windows Datacenter Server 2012R2 and then an Ubuntu 15.10 Server with Apache, PHP, MySQL and the Damn Vulnerable Web Application installed.
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. More information can be found on the DVWA site.
Once this infrastructure is built you create an Azure Network Security Group to lock down the Virtual Network. Next you will provision and configure a Barracuda Web Application Firewall (WAF). After this is created you will then connect to the DVWA web application and run the attacks and see how they are logged in the Barracuda Web Application Firewall.