SOPH LAB IN APPLIED COMPUTING

• Find six vulnerabilities in CandyPal
• Vulnerabilities must fall under the risks discussed during lecture
  • Cross-Site Scripting
  • Cross-Site Request Forgery
  • Insecure Deserialization
  • Using Components with Known Vulnerabilities
  • Unvalidated Redirects and Forwards
  • Insufficient Logging & Monitoring
• Provide the following per vulnerability:
  • Name
  • Image
  • Description

In order to access CandyPal (http://10.15.1.10:9090) you must use the VPN.

and you need using burp suite check the website and vpn log in the candypal.