Introduction To OWASP Top Ten: Capstone - Scored
CYBRScore
Virtual Lab

Time
1 hour 30 minutes
Difficulty
Intermediate

This lab is a capstone event for the ten Intro to the OWASP Top Ten labs. It incorporates all ten vulnerabilities in a simulated website.

Start your free 3-day trial and become one of the 3 million Cybersecurity and IT professionals advancing their career goals

Sign up with
Or

Already have an account? Sign In »

Overview

This CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab incorporates all ten vulnerabilities in a simulated website. The lab consists of 20 tasks that are all scored. CybrScore uses an auto-scoring technology that is designed to track your progress as you successfully complete the lab.

The objective of this CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab is to test the student's understanding of the OWASP Top Ten and their ability to discover and exploit simple examples of them in a web application. While the tasks are provided, the methods and techniques to accomplish them, are not. There are multiple ways of performing each assigned task and you need to come with that knowledge already in hand.

A scenario is provided once you launch the CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab environment. The scenario is based around a bank that just launched their first attempt at online banking. They recently learned about the OWASP Top Ten and they want to test their application to ensure that they are secure. They have called you in to test their site. As in the case of any penetration test or a security assessment, it is important to stay in scope. The scope of this assessment is outlined in the instructions that are provided.

Each step that you must perform is clearly explained within the CybrScore environment. The goal is to discover each of the flags and enter them into an answer text file. As you complete each phase, a running score is tabulated that you can access and check at any time during the CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab.

Starting with a simple log on to Kali and the launching of a few tools, the lab then proceeds to the actual steps that each demonstrate an OWASP Top Ten Vulnerability.

A1: Injection Authentication Bypass

A2: Broken Authentication Access the Restricted Page

A3: Sensitive Data Exposure Find Exposed Passwords

A4: XML External Entities View /etc/passwd File

A5: Broken Access Control Create New User Test Funds Transfer Steal Lumic's Money

A6: Security Misconfiguration Obtain the Database Password

A7: Cross-Site Scripting (XSS) Steal Cookies

A8: Insecure Deserialization Access the Secret Page

A9: Using Components with Known Vulnerabilities Scan for Vulnerable Scripts Own the InsecureBankCorp Server

A10: Insufficient Logging & Monitoring Add Several Login Failures View the Log File

In view of the fact that most of these vulnerabilities have been around for years, this CybrScore Introduction-to-OWASP-Top-Ten-Capstone-Scored lab is still relevant and needs to be utilized for learning both Red Team and Blue Team techniques.

Click on the launch button to start the lab.

Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.

Courses

LEARN MORE. ACHIEVE MORE.

Connect the pieces

Completing a Virtual Lab is one thing, mastering the skill is another.

Master the skill and take this virtual lab in an expertly designed Course.

LEARN MORE. ACHIEVE MORE.

Connect the pieces

Completing a Virtual Lab is one thing, mastering the skill is another.

Master the skill and take this virtual lab in an expertly designed Course.