Overview
1. You will perform experiments on a vulnerable web site to exploit as many of the top 10
vulnerabilities published by OWASP as you can. You need to find only 5 vulnerabilities
to get the full grade for this project.
2. You may perform this project individually or in teams of 2. I highly encourage you to do
this with a teammate.
3. You will be awarded 20 points for each of the vulnerabilities you can exploit. They must
be from the top 10 list. These web sites have many other vulnerabilities that you can
find, but no points will be awarded for exploiting them.
4. The vulnerable web sites have been around for a long time; consequently, there are
hints and solutions published in various places. You MUST NOT reference these hints
and solutions and you must include an “honor pledge” along with your assignment
stating that you found the answers on your own. On the other hand, you CAN look at
the OWASP web page to examine the links for each vulnerability. These links generally
give some good ideas on how to trigger an exploit.
5. As usual, start early!
What is OWASP?
OWASP stands for the Open Web Application Security Project, an online community that
produces articles, methodologies, documentation, tools, and technologies in the field of web
application security.
OWASP Top 10 is the list of the 10 most common web application vulnerability categories. It also
describes their risks, impacts, and countermeasures. The list is updated every three to four years;
the latest version was released in 2021, as you will see when you visit their web page at
https://owasp.org/www-project-top-ten/ . Each vulnerability has a link that gives more
information on what it is and how a potential exploit could be triggered.
There are several organizations that publish “vulnerable web sites” on the web for you to
experiment with. Typically, you have to download a VM image and run it in VirtualBox.
You may use any or all of these possible web sites. Note: if you have used any of these sites
before, please use a different vulnerable web site that you are unfamiliar with.
20 points for each vulnerability exploited for a possible total of 100 points.