Perform security exploits on web applications and websites

Computer Network Security

Advanced Topics in Digital Security

Objectives

– To apply skills and knowledge acquired throughout the trimester in
exploiting web application security loopholes and the techniques to fix such
loopholes.
– To demonstrate ability to use WebGoat to test security exploits on web
applications and servers.
– To gain experience in documenting every application exploit that was tested.

Problem Statement

You are required to perform security exploits on web applications and
websites. To complete this assignment, you need to select FOUR of
the security topics from the web application security lessons specified in the
WebGoat J2EE web application package, including topics and tools that we have
not covered but you may find interesting. You may choose to use WebGoat and
any appropriate tools from the SIT704 CloudDeakin course website to complete
this assignment. You can also use other non-commercial (free and open-source)
tools (e.g. WebScarab, Wireshark, w3af, Metasploit) to help you complete this
assignment. You are not allowed to use any commercial security-related or
automated hacking products such as IBM Security AppScan for this assignment.
To demonstrate your achievement of these goals, you must write a 2,000 word
report.

Your report should consist of the following chapters:

1. A proper title which matches the contents of your report.

2. Your name and Deakin student number in the author line.

3. An executive summary which summarizes your findings.

(You may find hints on writing good executive summaries from
http://unilearning.uow.edu.au/report/4bi1.html.)

4. An introduction chapter which lists the four vulnerabilities of your
choice, the impact of these vulnerabilities, the brief summary of your
findings, and the organization of the rest of your report.

5. A literature review chapter which surveys the latest academic papers
regarding the four vulnerabilities of your choice. With respect to each
vulnerability, you are advised to identify and include at least two papers
published by ACM and IEEE journals or conference proceedings. Your review must
not simply be a summary of each paper, but rather a deep analysis of the body
of work reported in the set of papers. Your aim in this part of the report is
to demonstrate deep and thorough understanding of the existing body of
knowledge encompassing multiple vulnerabilities of modern web applications.
(Please read through the hints on this web page before writing this chapter
http://www.uq.edu.au/student-services/learning/literature-review.)

6. A technical demonstration chapter which consists of fully explained
screenshots taken when your tests were conducted. That is, you should explain the
identification of your target web services or web applications, the
information about the server(s), each step of the procedure of exploitation,
and the results. You must prove that your tests are original.

7. A conclusions chapter which summarizes major findings of the study and
indicates future work which should be conducted in the area.

8. A bibliography list of all cited papers and other resources. You must use
in-text citations in Harvard style and each citation must correspond to a
bibliography entry. There must be no bibliography entries that are not cited
in the report. (You should be familiar with the contents of this page:
http://www.deakin.edu.au/students/study-support/referencing/harvard.)
