M6.10 Lab
Please write a report on both module 6 and 8 labs that discusses each lab's objective and expected outcomes.
Introduction
In this activity, you will learn to manipulate the session between the user and the browser.
Instructions
Follow the steps given in the following document:
Burpsuite and DVWA Lab [PDF, 1.2 MB]
After you complete the lab, you will submit a short paper of 2 to 3 pages in a Word document listing the following:
1. List of authentication cookies identified in the lab, including a screenshot of the cookie.
2. List any security loopholes in the identified authentication cookie as per the security guidelines discussed in the module.
3. Explain how the items listed in 1 and 2 can be used to secure sessions.
You will use the following tools:
Damn Vulnerable Web App (DVWA): Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications, and aid teachers/students to teach/learn web application security in a classroom environment.
Burp Suite: Burp Suite is a Java application that can be used to secure or crack web applications. The suite consists of different tools, like a proxy server, a web spider, an intruder, and a so-called repeater, with which requests can be automated. You will use this to capture cookies, usernames, and passwords in the session between the user and the server.
After you complete the lab, you will:
List authentication cookies identified in the steps.
List any security loopholes in the identified authentication cookie as per the security guidelines discussed in the module.
Explain how the authentication cookies found in the lab can be used for a Man-in-the-Middle attack.
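One way to check captured cookies for the loopholes asked about above, as an added example that is not part of the original lab document. It assumes the module's guidelines cover the standard Secure, HttpOnly and SameSite attributes; the header values and the function names `parse_set_cookie`, `audit_cookie` and `audit_all` are constructed for illustration.

```python
# Added example: flag missing hardening attributes on Set-Cookie headers.
# All header values below are constructed samples, not output from the lab.
SAMPLE_HEADERS = [
    "PHPSESSID=4f2a9c0d1e7b8a65; path=/",  # PHPSESSID is PHP's default session cookie name
    "sid=9b1d2c3e4f5a6b7c; Path=/; Secure; HttpOnly; SameSite=Strict",
    "auth=0a1b2c3d4e5f6071; Path=/; HttpOnly; SameSite=None; Max-Age=2592000",
]


def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attr keys are lowercased."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header):
    """Return (cookie_name, findings) for one Set-Cookie header value."""
    name, _value, attrs = parse_set_cookie(header)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: cookie is also sent over unencrypted HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: cookie is readable from page scripts")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append("SameSite is not Lax or Strict: cookie may be sent on cross-site requests")
    if "expires" in attrs or "max-age" in attrs:
        findings.append("persistent: cookie outlives the browser session")
    return name, findings


def audit_all(headers):
    """Map each cookie name to its list of findings."""
    return dict(audit_cookie(h) for h in headers)


if __name__ == "__main__":
    for cookie, issues in audit_all(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not issues else "")
        for issue in issues:
            print("  -", issue)
```

Paste the `Set-Cookie` values seen in Burp Suite's proxy history into `SAMPLE_HEADERS` to get the findings list for the report.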
Introductory Video
1. Watch the video, Session Hijacking (https://youtu.be/uAHkCRbjPLY)
2. The vulnerable website in this video is the WebGoat site; for your hands-on lab, you will use a similar vulnerable website named DVWA as noted above.
3. Pay particular attention to the way Burp Suite is used for the various session hijacking activities to give you context as to how hackers can use the tool.