SOPH LAB IN APPLIED COMPUTING

Week_5_Slides.pptx

Security Training Platforms Pt. 1

By Li-Wey Lu

Agenda

Homework

Quiz

Assignment Drop

Security Training Platforms

Next Week

Homework

Homework – Due Next Week

Create a Python script that solves http://10.15.1.10:8080/injection/lab_3/index.php

pip install requests

Use the uploaded template to help get you started

OR

Find three more vulnerabilities in CandyPal (http://10.15.1.10:9090)

Provide the following per vulnerability:

Name

Image

Description

Quiz

Quiz – Answers

Q1. Which of the following is not a type of Cross-Site Scripting?

A1. Mirrored

Q2. What does SOP stand for?

A2. Same Origin Policy

Q3. What does CORS stand for?

A3. Cross-Origin Resource Sharing

Q4. Cross-Site Scripting attacks can only be performed against HTTP GET requests

A4. False

Q5. SOP looks at the protocol, host, and port

A5. True

Assignment Drop

Assignment Drop – Overview

Lowest homework score will be dropped

Lowest quiz score will be dropped

Security Training Platforms

Security Training Platforms – DVWA

NAME: Damn Vulnerable Web Application (DVWA)

DETAILS: Link

URL: http://10.15.1.10:8082/

USERNAME: admin

PASSWORD: password

Security Training Platforms – WebGoat

NAME: OWASP WebGoat

DETAILS: Link

URL: http://10.15.1.10:8083/WebGoat

USERNAME: Register New User

PASSWORD: Register New User

Next Week


Topic:

Security Training Platforms Pt. 2

Assignments:

Week 5 Homework

Week 5 Quiz