(solution) Set up webgoat on your vm independently

(solution) Set up webgoat on your vm independently

  • Set up webgoat on your vm independently
    • https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
  • Confirm that webgoat runs on your VM (doesn?t have to be the same one that has DVWA)
  • Pick 4 vulnerabilities from the following list

Final Project Guidance Set up webgoat on your vm independently
o https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Confirm that webgoat runs on your VM (doesn?t have to be the same one that has DVWA)
Pick 4 vulnerabilities from the following list
o Cross-site Scripting (XSS)
o Access Control
o Thread Safety
o Hidden Form Field Manipulation
o Parameter Manipulation
o Weak Session Cookies
o Blind SQL Injection
o Cross-site Scripting (XSS)
o Access Control
o Thread Safety
o Hidden Form Field Manipulation
o Parameter Manipulation
o Weak Session Cookies
o Blind SQL Injection
o There are others you may pick
The four vulnerabilities of your choice will make up 25% of the final project grade Deliverables: A recorded video with your voice demonstrating ?live? the vulnerabilities
o Make sure you practice for the video
o If you don?t have the ability to record, set up an appointment with me for a live demo.
1 page write-up on each vulnerability you choose to take advantage of summarizing the
following..
o Why it?s a problem
o What you can do to protect against it
o Document some examples in the web goat (no pictures allowed)