Web Application Security Demonstrate Practical Knowledge

Web Application Security

Security Audit

Learning Outcome 1: Interact with the protocols that define the World Wide Web
Learning Outcome 2: Demonstrate practical knowledge of digital certification and TLS
Learning Outcome 3: Perform a security audit of a web application
Learning Outcome 4: Recommend security measures to protect web applications

Task: In this assessment you are required to write a report on the security of a web application of up to 2000 words.

This report should consist of two elements:

  1. Short report demonstrating successful exploitation of common web vulnerabilities (CTF Style)
  2. Discussion of ONE topic from the OWASP Top 10

Security Assessment
For the first element of the report you will need to complete a series of hacking tasks on a virtual machine.
The machine will allow you to demonstrate your ability to exploit common web application flaws including topics like:

  • Directory Scanning
  • Cross Site Scripting
  • SQL Injection

For the report you are expected to write a brief summary of how you exploited each flaw: for example, a description of the attack and any payloads used.
This element of the report can consist of screenshots or code samples, a discussion of the thought process used during exploitation, and any flags gained in the process.

OWASP Topic Discussion
For the second element of the report you are required to write a short report on ONE element of the OWASP Top 10. You are free to choose any element, either one of the topics we study in the lab sessions such as XSS or SQLi, or another element that interests you.

  1. Introduction to the topic: What it is, and why it is of interest in Cyber security
  2. Discussion of this topic including:
    o Technical discussion of the topic (how does this flaw arise?)
    o Discussion of the topic in the wider security context (what does it mean in terms of security, how common is it, and how “dangerous” is the vulnerability?)
    o Example of the topic in the “Real world”
  3. Considerations for mitigating this problem.
  4. Social, Legal and Ethical considerations with this particular topic

Report Structure
The recommended structure for the report is:

  1. Introduction
  2. Results of the Security Audit
  3. Discussion of OWASP topic
  4. Summary
  5. References
