Introduction To OWASP Top Ten: Capstone - Scored
This lab is a capstone event for the ten Intro to the OWASP Top Ten labs. It incorporates all ten vulnerabilities in a simulated website.
This CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab incorporates all ten vulnerabilities in a simulated website. The lab consists of 20 tasks that are all scored. CybrScore uses an auto-scoring technology that is designed to track your progress as you successfully complete the lab.
The objective of this CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab is to test the student's understanding of the OWASP Top Ten and their ability to discover and exploit simple examples of them in a web application. While the tasks are provided, the methods and techniques to accomplish them, are not. There are multiple ways of performing each assigned task and you need to come with that knowledge already in hand.
A scenario is provided once you launch the CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab environment. The scenario is based around a bank that just launched their first attempt at online banking. They recently learned about the OWASP Top Ten and they want to test their application to ensure that they are secure. They have called you in to test their site. As in the case of any penetration test or a security assessment, it is important to stay in scope. The scope of this assessment is outlined in the instructions that are provided.
Each step that you must perform is clearly explained within the CybrScore environment. The goal is to discover each of the flags and enter them into an answer text file. As you complete each phase, a running score is tabulated that you can access and check at any time during the CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab.
Starting with a simple log on to Kali and the launching of a few tools, the lab then proceeds to the actual steps that each demonstrate an OWASP Top Ten Vulnerability.
A1: Injection Authentication Bypass
A2: Broken Authentication Access the Restricted Page
A3: Sensitive Data Exposure Find Exposed Passwords
A4: XML External Entities View /etc/passwd File
A5: Broken Access Control Create New User Test Funds Transfer Steal Lumic's Money
A6: Security Misconfiguration Obtain the Database Password
A7: Cross-Site Scripting (XSS) Steal Cookies
A8: Insecure Deserialization Access the Secret Page
A9: Using Components with Known Vulnerabilities Scan for Vulnerable Scripts Own the InsecureBankCorp Server
A10: Insufficient Logging & Monitoring Add Several Login Failures View the Log File
In view of the fact that most of these vulnerabilities have been around for years, this CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab is still relevant and needs to be utilized for learning both Red Team and Blue Team techniques.
Click on the launch button to start the lab.
This module for the Introduction to OWASP Top Ten Module covers A1: Injection.
This module for the Introduction to OWASP Top Ten Module covers A2: Broken Authentication.