Description
This assignment is the twin of Assignment 3, and will consist of assessing the Goat applications developed by the other students.
A virtual machine will deploy the Goat applications every day at around 0:00 and make them available for assessment.
Students are free to assess the applications and the vulnerabilities present. Please refrain from massive enumeration and scanning without a delay between requests.
The ultimate goal is to find and describe 6 vulnerabilities, one of each category.
All actions are monitored and recorded! Hacking or otherwise attacking the infrastructure, exhausting resources, deleting, modifying or manipulating files that compromise the infrastructure will result in a penalty.
This assignment should be done by groups of 4 students.
Grading
The result should be a series of writeups detailing the vulnerabilities found, added to a GitHub Classroom repository.
Students should add one folder per writeup, with a README.MD file describing:
- how the vulnerability is present in the application;
- the associated CWEs;
- the impact of the vulnerability;
- the exploit proof of concept in a writeup;
- recommended mitigation strategies with and without code changes;
- references to tools and other materials used;
- screenshots and other materials used.
Grading will focus on the number of vulnerabilities found and quality of the exploits.