Commit aea1c861 authored by Joonatan Ovaska

Upload New File

parent d71cc887
# Week05 assignments (20 points)
Preparation:
* [Target application]
* Update Wasdat if needed. Example flow in `~wasdat/` directory:
* `docker-compose -f docker-compose-week4-special.yml down -v` # removes volumes (test data you created will be removed)
* `git pull`
* `docker-compose -f docker-compose-week5-special.yml up --force-recreate -d`
* Verify top left of Wasdat GUI shows version: `client=week10-11-a;backend=week09-a`
* Force refresh the browser (CTRL+Shift+R or CTRL+F5) if needed
## First part A9:2017-Using_Components_with_Known_Vulnerabilities (10 points)
Assignment (10 pts):
* [Watch, read and answer] (2 pts)
* Lecture video
* [OWASP Top Ten: Using Components With Known Vulnerabilities](https://www.youtube.com/watch?v=IGsNYVDKRV0)
* OWASP Top 10 Using Components with Known Vulnerabilities
* https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities
* In your own words try to describe what all are included when speaking of web application components and their vulnerabilities
---
* [Issue report] Juice Shop - Kill Chatbot (3 pts)
Tasks:
* Complete the challenge
* https://pwning.owasp-juice.shop/part2/vulnerable-components.html#permanently-disable-the-support-chatbot
In your report:
* You don't need to document the preparation steps - focus on the exploit step and describing why it works
* As usual, refer to "Issue report" from Assignment instructions (don't forget mitigation section!)
* For mitigation tips, check https://owasp.org/www-project-top-ten/2017/A9_2017-Using_Components_with_Known_Vulnerabilities.html
---
* [Issue report] WasDat Using Components with Vulnerabilities (5 pts)
Introduction:
In this week you are dealing with components with vulnerabilities. The target application is WasDat. WasDat frontend has a new component which along with its normal functionality unwillingly exposes sensitive data to the 3rd party. Your job is to perform analysis how the data is exposed and write a proper issue report.
Tasks:
* Release Notes
* Read about the latest changes to WasDat from Release Notes (`/#/releasenotes`)
* Based on this information locate the functionality on application you might think to being related to the data exposure
* Find out the details about how WasDat leaks sensitive data
* Provide example of HTTP request leaking the sensitive data
* In where the sensitive data is placed?
* How the sensitive data is encoded?
* What kind of sensitive data is exposed?
In your report:
* As usual, refer to "Issue report" from Assignment instructions (don't forget mitigation section!)
## Second part A10_2017-Insufficient_Logging & Monitoring
Assignment (10 pts):
* [Issue report] Using Components with Known Vulnerabilities: WasDat's heart is bleeding (5 pts)
Introduction:
Like any other modern web application WasDat is now also using TLS/SSL for traffic encryption between connection parties. Just browse `https://localhost` and all information like usernames and passwords are transferred safely.
However, there have been a lot of pressure and lack of knowledge when changes have been made to the web server. This has led to the point where the web server WasDat is run on has now a component with well-known vulnerability.
What makes situation even worse is that the scanning and exploiting of vulnerability is quite trivial do for example using nmap NSE scripts or metasploit module. In worst possible scenario, exploitation of vulnerability leaks a sensitive data like cryptographic keys, usernames, passwords etc. Also, abusing this vulnerability does not leave any traces to the logs. This is quite critical, isn’t it.
Your job is to find the vulnerability and write a proper issue report.
Tasks:
* Identify the vulnerability (2 pts)
* Use a tool like nmap (with NSE scripts) or metasploit to find out what kind of vulnerability is in question
* Provide sufficient details about the vulnerability
* Exploit the vulnerability (3 pts)
* Prove that the vulnerability really exists on web server and has the impact you have described in identifying section
* You can use pre-existing metasploit module for exploitation
* Provide commands you used and tool outputs (text + screenshots)
In your report:
* As usual, refer to "Issue report" from Assignment instructions (don't forget mitigation section!)
---
* [Watch & read]
* Lecture video
* [OWASP Top Ten: Insufficient Logging and Monitoring](https://www.youtube.com/watch?v=IFF3tkUOF5E)
* Reading material
* [OWASP Top 10: Insufficient Logging & Monitoring](https://owasp.org/www-project-top-ten/2017/A10_2017-Insufficient_Logging%2526Monitoring)
---
* [Essay] Insufficient logging and monitoring (5 pts)
* Based on lecture video and reading material write a short essay (1-2 pages) about insufficient logging and monitoring and possible improvements for them
* Why insufficient logging and monitoring is an issue?
* Provide a real-world example where insufficient logging and monitoring has allowed attacker possibility to succeed its campaign
* What means can be used to improve logging and monitoring?
* What all should be logged and where?
* What kind of tools should be used for logging and monitoring. Consider the benefits and lacks at least of following tools and systems
* Web Application Firewalls (WAFs)
* Reverse proxies
* Intrusion detection and prevention (IDS/IPS) systems
* How you can verify that the actions you want to log and monitor really gets detected and logged?
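Review bot: The heading `## Second part A10_2017-Insufficient_Logging & Monitoring` omits the points total that the first-part heading carries ("(10 points)") and writes `A10_2017` where the first part writes `A9:2017`; make the two headings consistent. The first item under that heading is titled "Using Components with Known Vulnerabilities: WasDat's heart is bleeding", which is an A9 topic placed in the A10 section. Its introduction already says that abusing the vulnerability leaves no traces in the logs, so a sentence stating that link explicitly, or a title that reflects it, would explain why the task sits there. In Preparation, the version string to verify, `client=week10-11-a;backend=week09-a`, does not obviously correspond to the `docker-compose-week5-special.yml` file being started; confirm this is the value students should expect to see.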