Complete the WebGoat exercises and document the entire process

Reference no: EM133214266

For Milestone 2, complete at least the following exercises:

1.  General -> HTTP Basics
2.  General -> HTTP Proxies
3.  Authentication Flaws -> Authentication

Bonus: Authentication Flaws -> JWT Tokens

Instructions

Complete the WebGoat exercises and document the entire process. Most exercises do not contain sufficient instructions to fully finish the exercise and require outside research. If you're not able to complete the exercise, please document the research that you attempted to overcome any issues that you run into. Take screen captures where appropriate and include those in your journal.

These exercises require technical knowledge of subjects such as HTTP, SQL, and a good understanding of how the internet and browsers work. We can't stress this enough: the instructions are purposely vague and the exercises are difficult. These exercises require research outside of what is provided in class. You must be able to take the initiative to research the topics covered in the exercises that you do not understand or have a background in. Your instructor is here to help also; when you send questions to the instructor, please make sure you include the research that you have performed before reaching out.

The tools you will need to complete the WebGoat exercises are installed in the Kali VM in your virtual environment. Your virtual environment does not have access to the internet so you will not be able to do internet searches while inside it. Make sure you have another way to do internet searches for assistance.

You will need to take screen captures of your attempts and your results inside WebGoat and then explain the images in the context of the flow or order of the exercise. You will also need to reflect on the significance of the exercise to web security overall. What was going through your mind as you were doing the testing? How would you have approached development of this site differently to avoid these vulnerabilities? 

The project is set up for you to earn points based on finished and documented exercises. While we encourage you to attempt all the WebGoat exercises over the course of the term, you will not be penalized if you are unable to finish them all successfully. There are opportunities to earn enough points without completing all the exercises. In the event that you cannot complete an exercise and capture a successful screen capture of the result, we want you to describe the process you went through to attempt to complete it (with screen captures that illustrate your journey) and explain how the experience made you feel. If you are frustrated, record that. (Please keep the language level PG at most. Channel Morgan Freeman, not Samuel L. Jackson.)

Access Instructions:

WebGoat has been installed in your virtual consolidated lab environment. Access instructions for the consolidated lab environment are under the Course Documents link on the left. To access WebGoat, log into the Kali VM in your virtual environment, open a web browser, and navigate to: https://localhost:8080/WebGoat

NOTE: The first time you visit the site you will need to create a new account for yourself. Remember your login information because you will need to re-use it on subsequent visits.

Submission Instructions

  • This is a term-length assignment with three deliverables. You will need at least three entries into your journal. It is fine to post more than three entries, but you must have at least three.
  • Because this is a self-paced deliverable-based assignment, students will have different exercises completed at different times. In your journal entries, you need to include specific details about which exercises you have completed from the WebGoat, even if the screen captures display that information.
  • You will be using the Journal tool in Blackboard, which you can access by clicking the link above. This process and reflection journal is private and only viewable by you and the professor. The idea behind the journal is to have a private one-on-one place for detailed discussion with your professor about your progress on this project. As you complete entries your professor will use the comment feature to give feedback and you can continue that conversation in the comments area.
  • Keeping good notes during your WebGoat adventure is very important. You may not know immediately if something you come across is important until much later. You may also make notes on how you conducted a certain procedure in case you need to repeat it later. In the real world notes are also very important when you finally have to write a report for your employer or customer. You should go back frequently and review your previous journal entries and see if they prompt you to do anything different.
  • The goal of this assignment is to provide a low-risk space for students to explore and reflect on the experience of web application penetration testing on their own. Thus, it is graded on a Complete/Incomplete basis. Please see the rubric for detailed information on how points toward Complete status are awarded.
  • The entire assignment counts for 15% of your overall grade (150 points total, 50 points for each entry).
