After completing this lab, you will submit a word (or PDF) document that meets all of the requirements in the description at the end of this document. In addition, your Web Application files should be submitted. You can submit multiple files in a zip file. Needed files for this are attached!
What is under Lab submission details on page 15 needs to be done. You can view the rest of the document if you need to.
Lab submission details:
For this lab, you will provide a detailed analysis using both manual interception techniques and
automatic scanner attacks on the http://localhost/week4/loginAuth.html. You should run the manual
interception techniques first, and describe in detail the information revealed to you during your analysis.
Be sure to provide screen captures of you running of the tool and analyze all files used for the
application (loginAuth.html, authcheck.php and logout.php). Try to modify the http messages and look
for possible vulnerabilities. This is the important discovery portion of your analysis.
When you run the automatic scan, be sure to generate an HTML report showing all alerts. Also, describe
the active scan activity. For each alert, discuss all of the output and try possible solutions. Be sure to
describe how you prioritized alert messages. Try to resolve all alerts and document specifically your
process in resolving those alerts. Rerun the scanner after you have fixed as many issues as you can to
demonstrate your success.
For your deliverables, you should submit a zip file containing your word document (or PDF file) with
screen shots of your scans. Be sure to include the descriptions and analysis of your results, your
prioritization and approach to mitigating the issues. Also, include the reports from your scan. Your
report should be well-organized and clearly written. This report is aimed at your Chief Security officer
who pays your salary. He is a technical geek and wants details, clarity and something he can pass on to
others to make sure you have job security for years to come