Introduction To OWASP Top Ten: Capstone - Scored
Cyberscore

Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.

Time
1 hour 30 minutes
Difficulty
Intermediate

This lab is a capstone event for the ten Intro to the OWASP Top Ten labs. It incorporates all ten vulnerabilities in a simulated website.


Overview

This CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab incorporates all ten vulnerabilities in a simulated website. The lab consists of 20 tasks that are all scored. CybrScore uses an auto-scoring technology that is designed to track your progress as you successfully complete the lab.

The objective of this CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab is to test the student's understanding of the OWASP Top Ten and their ability to discover and exploit simple examples of them in a web application. While the tasks are provided, the methods and techniques to accomplish them are not. There are multiple ways of performing each assigned task, and you need to come with that knowledge already in hand.

A scenario is provided once you launch the CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab environment. The scenario is based around a bank that has just launched its first attempt at online banking. The bank recently learned about the OWASP Top Ten and wants its application tested to ensure that it is secure, so it has called you in to test the site. As with any penetration test or security assessment, it is important to stay in scope. The scope of this assessment is outlined in the instructions that are provided.

Each step that you must perform is clearly explained within the CybrScore environment. The goal is to discover each of the flags and enter them into an answer text file. As you complete each phase, a running score is tabulated that you can access and check at any time during the CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab.

Starting with a simple logon to Kali and the launching of a few tools, the lab then proceeds to the actual steps, each of which demonstrates an OWASP Top Ten vulnerability:

A1: Injection - Authentication Bypass

A2: Broken Authentication - Access the Restricted Page

A3: Sensitive Data Exposure - Find Exposed Passwords

A4: XML External Entities - View /etc/passwd File

A5: Broken Access Control - Create New User; Test Funds Transfer; Steal Lumic's Money

A6: Security Misconfiguration - Obtain the Database Password

A7: Cross-Site Scripting (XSS) - Steal Cookies

A8: Insecure Deserialization - Access the Secret Page

A9: Using Components with Known Vulnerabilities - Scan for Vulnerable Scripts; Own the InsecureBankCorp Server

A10: Insufficient Logging & Monitoring - Add Several Login Failures; View the Log File

Given that most of these vulnerabilities have been around for years, this CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab remains relevant and should be used for learning both Red Team and Blue Team techniques.

Click on the launch button to start the lab.