Describe how you are going to perform SQL injection

Assignment Help Computer Network Security
Reference no: EM133011672

Assessment Task: Portfolio - Expose website security vulnerabilities

Observation task

Below are the observation components that the learner is required to demonstrate as part of this assessment. The learner only needs to demonstrate this once. If the learner is unable to demonstrate one or more of the required Observation tasks to a satisfactory level, they will be given a second opportunity to demonstrate the unsatisfactory Observation task(s).

Task 1: Detect and Exploit Website Vulnerabilities

You've studied several web application security vulnerabilities and learnt the methods to detect them in the training. In this assessment, you're going to provide evidence of your ability to detect and exploit these vulnerabilities against a given target server. Please use Web for Pentester 1 and the xvwa website for this assessment.

You must include at least one example of each of the following vulnerabilities:

Q1.1: SQL Injection (you can use Web for Pentester 1, SQLi Exercises for this)

Screenshot 1: normal user operation (e.g. name=root showing only one user)

Describe how you are going to perform SQL injection and what the expected results are

Screenshot 2: The actual results after injection (e.g. showing all users). The screenshot must show the URL, so that the injected code is visible.
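The following is an added worked example, not part of the original assessment and not code from Web for Pentester. It models the SQLi exercise with an in-memory SQLite table (the real target runs PHP and MySQL) and a constructed users table, so the schema, the rows and the base URL used by build_url are all assumptions. It shows the three states the two screenshots are meant to capture: the baseline lookup for name=root returning one row, a tautology payload and a UNION payload each returning every row, and the same tautology payload returning nothing once the query is parameterised.

```python
import sqlite3
from urllib.parse import urlencode

# Constructed rows standing in for the exercise's "users" table (assumed schema).
SAMPLE_USERS = [
    ("root", "root@example.test"),
    ("user1", "user1@example.test"),
    ("user2", "user2@example.test"),
]

# Hypothetical base URL for the exercise page; only the query string matters here.
BASE_URL = "http://webforpentester.test/sqli/example1.php"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Builds the query by string concatenation: the flaw the exercise targets."""
    sql = "SELECT name, email FROM users WHERE name='%s'" % name
    return sql, conn.execute(sql).fetchall()


def lookup_parameterised(conn, name):
    """Same query with a bound parameter: input can never change the SQL structure."""
    sql = "SELECT name, email FROM users WHERE name=?"
    return sql, conn.execute(sql, (name,)).fetchall()


def build_url(payload):
    """The URL the screenshot should show, with the payload URL-encoded."""
    return BASE_URL + "?" + urlencode({"name": payload})


BASELINE = "root"                                        # Screenshot 1: one user
TAUTOLOGY = "root' OR '1'='1"                            # closes the quote, always true
UNION = "x' UNION SELECT name, id FROM users WHERE '1'='1"   # same column count as the original


def run_exercise():
    conn = make_db()
    injected_sql, injected_rows = lookup_vulnerable(conn, TAUTOLOGY)
    return {
        "baseline_rows": len(lookup_vulnerable(conn, BASELINE)[1]),
        "tautology_rows": len(injected_rows),
        "union_rows": len(lookup_vulnerable(conn, UNION)[1]),
        "parameterised_rows": len(lookup_parameterised(conn, TAUTOLOGY)[1]),
        "injected_sql": injected_sql,
        "url": build_url(TAUTOLOGY),
    }
```

The injected_sql value is the string to reason about in the write-up: the closing quote supplied by the payload turns the rest of the input into SQL, which is why the parameterised version, where the driver never re-parses the input as SQL, returns zero rows for the same payload.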

Q1.2: Broken Authentication and Session Management weakness (you can use xvwa website, "Session Flaws")

Describe how you are going to exploit the hijacked session token and what the expected results are

Use session fixation (the hijacked, fixed session token) to log in as "admin" without supplying the username and password.
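The following is an added example that models the session flaw; it is not code from xvwa. The session store, the admin credential and the step names are constructed. It shows the two server-side conditions a fixation attack needs (the server adopts a session id the client presents, and the privilege gained at login attaches to that same id) and why regenerating the id on login defeats the attack even though the attacker still controls the pre-login token.

```python
import secrets

# Constructed credential; the attacker in this scenario never learns it.
ADMIN_USER, ADMIN_PASSWORD = "admin", "constructed-not-the-real-one"


class SessionStore:
    """In-memory stand-in for the target application's server-side session table."""

    def __init__(self, regenerate_on_login):
        self.regenerate_on_login = regenerate_on_login
        self.sessions = {}  # session id -> authenticated user (None = anonymous)

    def accept(self, sid):
        """Flaw 1: the server adopts whatever session id the client presents."""
        self.sessions.setdefault(sid, None)
        return sid

    def login(self, sid, username, password):
        """Return the session id the client should use after authentication."""
        if (username, password) != (ADMIN_USER, ADMIN_PASSWORD):
            return sid
        if self.regenerate_on_login:
            # Fix: discard the pre-auth id and issue a fresh, unpredictable one.
            self.sessions.pop(sid, None)
            sid = secrets.token_hex(16)
        # Flaw 2 (when not regenerated): the privilege attaches to the attacker's id.
        self.sessions[sid] = username
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def fixation_attack(store):
    """Attacker fixes a token, the victim logs in under it, the attacker replays it."""
    fixed = "attacker-chosen-token"
    store.accept(fixed)                              # 1. plant the id on the server
    store.login(fixed, ADMIN_USER, ADMIN_PASSWORD)   # 2. admin authenticates with the fixed id
    return store.whoami(fixed)                       # 3. attacker reuses the id they chose


def exercise():
    return {
        "vulnerable": fixation_attack(SessionStore(regenerate_on_login=False)),
        "hardened": fixation_attack(SessionStore(regenerate_on_login=True)),
    }
```

In the vulnerable configuration the attacker's token identifies the admin session after the victim logs in, which is the "without using the username and password" result the task asks for. Regeneration alone is enough to break the chain; rejecting unknown session ids (so accept() does not create a session for an arbitrary value) removes the first condition as well.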

Q1.3: Cross Site Scripting (XSS) weaknesses (you can use xvwa website, "Cross Site Scripting (XSS) - Reflected")

Screenshot 1: normal user operation (e.g. type any normal text in the input and click on submit button)

Describe how you are going to exploit the Cross Site Scripting (XSS) weakness

Screenshot 2: Enter the XSS payload and submit. The screenshot must show the URL, so that the XSS payload is visible.

Q1.4: Insecure Direct Object Reference (you can use xvwa website, "Insecure Direct Object Reference")

Screenshot 1: normal user operation (e.g. use the dropdown list to select coffee item from 1 to 5)

Describe how you are going to perform Insecure Direct Object Reference testing and what the expected results are

Screenshot 2: The actual results of IDOR testing. The screenshot must show the URL, so that the testing method (the altered object reference) is visible.
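The following is an added example, not xvwa's code. It models the coffee-item lookup with a constructed catalogue in which the dropdown offers ids 1 to 5 while id 6 exists only server-side. The vulnerable handler trusts the id from the request; the hardened handler uses a per-session indirect reference map (opaque tokens for the items this user may see), which is the OWASP-recommended remediation for direct object references. The catalogue contents and the form field name are assumptions.

```python
import secrets

# Constructed catalogue: the dropdown only offers 1..5; id 6 is never shown to the user.
CATALOGUE = {
    1: "Espresso", 2: "Cappuccino", 3: "Latte", 4: "Mocha", 5: "Americano",
    6: "Unreleased blend (internal)",
}
DROPDOWN_IDS = [1, 2, 3, 4, 5]


def get_item_vulnerable(form):
    """Server trusts the id in the request and looks it up directly."""
    item_id = int(form["item"])
    if item_id not in CATALOGUE:
        return 404, None
    return 200, CATALOGUE[item_id]


class IndirectReferences:
    """Per-session map of opaque tokens -> real ids, built only from what this user may see."""

    def __init__(self, allowed_ids):
        self.token_to_id = {secrets.token_urlsafe(8): i for i in allowed_ids}

    def tokens(self):
        return list(self.token_to_id)        # what the dropdown would now contain

    def resolve(self, token):
        return self.token_to_id.get(token)


def get_item_hardened(form, refs):
    item_id = refs.resolve(form["item"])
    if item_id is None:
        return 403, None                     # unknown token: not enumerable, leaks nothing
    return 200, CATALOGUE[item_id]


def enumerate_ids(handler, candidates):
    """Tester's step: request ids outside the dropdown and record each response."""
    return {i: handler({"item": str(i)}) for i in candidates}


def exercise():
    responses = enumerate_ids(get_item_vulnerable, range(0, 9))
    leaked = {i: r for i, r in responses.items() if r[0] == 200 and i not in DROPDOWN_IDS}
    refs = IndirectReferences(DROPDOWN_IDS)
    hardened_statuses = [get_item_hardened({"item": str(i)}, refs)[0] for i in range(0, 9)]
    return {"leaked": leaked, "hardened_statuses": hardened_statuses, "refs": refs}
```

For the write-up, the expected result is the leaked dictionary: any id that answers 200 but is absent from the dropdown is a direct object reference the application failed to authorise. Where items are owned by users rather than merely hidden, the hardened handler should additionally check ownership server-side; the indirect map removes enumeration but is not a substitute for that check.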

Portfolio
In Task 1, you have detected security vulnerabilities against the target website. Choose one of the vulnerabilities you find above and complete the following report using the template provided.

Q2.1 Executive summary

Q2.2 Report headings:

Q2.3 Categorization and Rating

Q2.4 Authenticated Access Required

Q2.5 External/Internal Access

Describe whether you are testing the target web application from the internal network, the external network, or both.

Q2.6 Vulnerability Description

** Detailed description of the vulnerability. What was done, what was seen. Paste logs and screenshots in this section. **

Q2.7 Steps to Reproduce

** Describe step by step how to reproduce this issue. The instruction you documented in this section will be used by the developers of the application to test and fix the issue. **

Q2.8 Risk

** Refer to the OWASP Top Ten document to identify the risk of the issue **

Q2.9 Remediation

** Refer to the OWASP Top Ten document to provide remediation of the issue to the client **

Q2.10 Present your 2.1~2.9 report to a peer in the team and ask for feedback. Record the feedback you received below

Q2.11 Review a peer's report and give feedback. Record the feedback you gave below

Task 3: Work with a Proxy and Web Proxy Testing tools (BurpSuite)

In this task, you'll need to use BurpSuite as a proxy tool to intercept a Google query and modify it.

Q3.1 Screenshot: BurpSuite - showing web proxy is UP and interception is ON

Q3.2 Screenshot: Client - with proxy enabled and configured to use BurpSuite

Q3.3 Screenshot: Client - at Google web page, searching for apples

Q3.4 Screenshot: BurpSuite - intercepting the initial request (Google search for apples)

Q3.5 Screenshot: BurpSuite - after you alter the query (Alter the key word to oranges)

Q3.6 Screenshot: Client - results of the altered query (Google search result for oranges)
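The following is an added example, not part of the original task and not Burp code. It shows, at the level of the raw HTTP request Burp displays, what the Q3.5 edit actually changes: a single query parameter in the request line, with the method, version, path and headers left intact. The intercepted request is constructed (a real browser sends many more headers) and the parameter name "q" is Google's search parameter as it appears in such a request.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed request, modelled on what the proxy shows for a search; headers are illustrative.
INTERCEPTED = (
    "GET /search?q=apples&hl=en HTTP/1.1\r\n"
    "Host: www.google.com\r\n"
    "User-Agent: constructed-client/1.0\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)


def rewrite_query_param(raw_request, name, new_value):
    """Return the request with one query parameter changed and everything else untouched."""
    head, sep, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)
    params = [(k, new_value if k == name else v) for k, v in params]   # keep order
    lines[0] = " ".join((method, urlunsplit(parts._replace(query=urlencode(params))), version))
    return "\r\n".join(lines) + sep + body


def query_param(raw_request, name):
    """Read a query parameter back out of a raw request (for checking the edit)."""
    target = raw_request.split("\r\n", 1)[0].split(" ")[1]
    return dict(parse_qsl(urlsplit(target).query)).get(name)


def exercise():
    edited = rewrite_query_param(INTERCEPTED, "q", "oranges")
    return {"before": query_param(INTERCEPTED, "q"), "after": query_param(edited, "q"), "request": edited}
```

The same edit applied to a parameter in a POST body would also require the Content-Length header to be recomputed; Burp does this automatically when you edit in the interception window, which is worth noting in the Q3.5 description.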

Task 4: Using Nikto to scan for common security vulnerabilities
Q4.1 Screenshot(s): If you have used Nikto correctly you may see many pages of output, depending on your screen resolution. If the output takes more than one screen, use two screenshots: one showing the Nikto command you typed (top of the output) and another showing the end of the output.

Q4.2 Nikto may find several issues and vulnerabilities. Choose one and research it:

Task 5: Using OWASP ZAP to spider a website

Use OWASP ZAP to spider either the Web for Pentester 1 or the xvwa website on your computer.

Q5.1 Answer the following two questions about web spidering.

What is website / web application spidering?

Name at least two software tools that can spider a website / web application.

Q5.2 Describe / screenshot how to use OWASP ZAP tool to spider a website / web application.

Q5.3 Spider a target website. When finished, expand and screenshot the result node tree captured

Write down the URL of the target website

Expand and screenshot the result node tree captured (You are required to FULLY expand at least 2 nodes)
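The following is an added example to accompany Q5.1 to Q5.3; it is not ZAP's code. It implements the core of what a spider does (fetch a page, extract links and form actions, resolve them against the page URL, stay on the target host, and repeat until nothing new is found) and then arranges the discovered URLs into the kind of node tree ZAP shows in its Sites panel. The site is a constructed in-memory set of pages under a hypothetical host, so it runs offline; the paths are illustrative, not xvwa's real layout.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, urldefrag

# Constructed stand-in for the target: URL (without query) -> HTML body.
FAKE_SITE = {
    "http://xvwa.test/": '<a href="/xvwa/">xvwa</a> <a href="http://other.test/">external</a>',
    "http://xvwa.test/xvwa/": (
        '<a href="vulnerabilities/idor/">IDOR</a>'
        '<a href="vulnerabilities/xss_r/">XSS</a>'
        '<a href="../#top">home</a>'
    ),
    "http://xvwa.test/xvwa/vulnerabilities/idor/": '<a href="?item=1">1</a> <a href="/xvwa/">back</a>',
    "http://xvwa.test/xvwa/vulnerabilities/xss_r/": '<form action="index.php"></form>',
    "http://xvwa.test/xvwa/vulnerabilities/xss_r/index.php": "<p>done</p>",
}


def fetch(url):
    """Offline fetch: the query string does not select a different page here."""
    p = urlsplit(url)
    return FAKE_SITE.get("%s://%s%s" % (p.scheme, p.netloc, p.path or "/"))


class LinkExtractor(HTMLParser):
    """Collects anchor hrefs and form actions, the two link sources a basic spider follows."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "form" and attrs.get("action"):
            self.links.append(attrs["action"])


def spider(start, max_pages=50):
    """Breadth-first crawl restricted to the start host; returns (visited, off-host links)."""
    host = urlsplit(start).netloc
    seen, external, queue = set(), set(), deque([start])
    while queue and len(seen) < max_pages:
        url = queue.popleft()
        if url in seen:
            continue
        seen.add(url)
        body = fetch(url)
        if body is None:
            continue
        parser = LinkExtractor()
        parser.feed(body)
        for href in parser.links:
            target, _fragment = urldefrag(urljoin(url, href))   # fragments never reach the server
            if urlsplit(target).netloc != host:
                external.add(target)                            # record, but do not follow
            elif target not in seen:
                queue.append(target)
    return seen, external


def sites_tree(urls):
    """Nest the URLs by host and path segment, the way ZAP's Sites tree displays them."""
    tree = {}
    for url in urls:
        p = urlsplit(url)
        node = tree.setdefault(p.netloc, {})
        for segment in [s for s in p.path.split("/") if s]:
            node = node.setdefault(segment, {})
        if p.query:
            node.setdefault("?" + p.query, {})
    return tree
```

Two behaviours worth pointing out in the Q5.1 answer are visible here: the crawl stays in scope (the external link is recorded, not fetched), and URLs that differ only in the query string are kept as separate nodes, which is why a spider of a parameterised application can return far more nodes than the site has pages.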

Attachment:- Expose website security vulnerabilities.rar

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd