Reference no: EM132871253
MOD006363 Web Application Security - Anglia Ruskin University
Completed Logbook with all 10 labs completed with evidence and reflection
Assessment Description
Each week, in your practical sessions, you are provided with lab exercises based upon web application security vulnerability discovery, mitigation and good practice security techniques.
In order to pass this element you must complete all TEN weeks of the exercises to the lab tutor's satisfaction. Each exercise carries the same weighting. The assessment of this element is PASS/FAIL. The element must be successfully completed, with evidence, in order to pass the module.
You are expected to maintain an engineering lab book that:
• Is in digital format and in English
• Is maintained in an application such as MS Word
• Contains evidence of the completed exercises (with screenshots) in the format given below in the marking scheme section
• Contains a reflection section at the end of each week to summarize skills and techniques learnt
• Week 1:
o Overview of OWASP top 10 write up (plus reflection)
• Week 2:
o Hacker Test HTML Labs 1-10 (plus reflection) (REMOVED BECAUSE IT IS BLOCKED FOR ON-CAMPUS STUDENTS). If you have already done it, please add it anyway for future reference.
• Week 3:
o 1 star: Find Score-board - Find the carefully hidden 'Score-Board' page.
o 1 star: Missing Encoding - Retrieve the photo of Bjoern's cat in "melee combat-mode".
o 1 star: Zero Stars - Give a devastating zero-star feedback to the store. (plus reflection)
• Week 4:
o 1 star: Confidential Document - Access a confidential document.
o 2 star: Login Admin - Log in with the administrator's user account. (plus reflection)
• Week 5:
o 2 star: View Basket - View another user's shopping basket.
o 2 star: Admin Section - Access the administration section of the store. (plus reflection)
• Week 6:
o 1 star: Exposed Metrics - Find the endpoint that serves usage data to be scraped by a popular monitoring system.
o 3 star: Login Amy - Log in with Amy's original user credentials. (plus reflection)
• Week 7:
o Nothing this week
• Week 8:
o 1 star: Error Handling - Provoke an error that is neither very gracefully nor consistently handled.
o 1 star: Privacy Policy - Read our privacy policy. (plus reflection)
• Week 9:
o 1 star: DOM XSS - Perform a DOM XSS attack
o 1 star: Bonus Payload - Use the bonus payload (plus reflection)
• Week 10:
o 1 star: Chatbot abuse - Find the chatbot and ask it to get a discount (plus reflection)
• Week 11:
o 4 star: Easter Egg - Find the hidden Easter Egg.
o 4 star: Nested Easter Egg - Apply some advanced cryptanalysis to find the "REAL EASTER EGG". (plus reflection)
Attachment:- web security lab.rar