
Question

The Insecure Web App is an open source database driven J2EE web application released through the Open Web Application Security Project (OWASP) (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project). It contains a variety of vulnerabilities including SQL injection, XSS, Parameter tampering, and broken authorization and authentication, to name a few.

The purpose of this subproject is to conduct vulnerability assessment of the Insecure Web App.

Before starting, you need to install the insecure Web App. The instructions to install the app on Kali are given in the appendix below.

After launching the application (using a web browser), click on the link ‘Instructions’ to access the guidelines and application overview.

The ‘Application Overview’ section provides a brief description of the different use cases underlying the application and lists different challenge questions in terms of vulnerability assessment.

For this subproject, you are required to answer only one challenge, which is the following:

Challenge # 3: Forceful Browsing and Parameter Tampering

Explanation / Answer

Forceful Browsing refers to direct access to an authenticated page.

Let's take a few examples:

1. When you are logged in to any application you will see a change password page under the accounts section. If you are directly able to access this change password page, then it comes under forceful browsing.

2. When your application is intercepted on BURP or ZAP Proxy, observe the response of any captured request; it contains headers like 200 OK, 404 Not Found, etc. When there is a 302 Redirect, you will be able to see the complete source code of the next page to which it is redirecting. The next step you need to do is to change the response header from 302 Redirect to 200 OK, and you will be able to access the next page forcefully.

Parameter Tampering is to change any parameter value and get direct unauthorised access to an authenticated page.

Examples:

1. Modify radio button, check box, etc. parameter values in the request.

2. Change hidden values in request.

3. Modify parameter values shown in the URL, like: www.example.com/welcome?id=4
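As an added example (not part of the original answer or of the OWASP Insecure Web App), the following shows why both findings arise on the server side and how a handler closes them: the vulnerable handler renders the protected page into the body of its 302 redirect and trusts the client-supplied `id`, while the hardened handler authorizes before rendering, sends an empty redirect body, and binds `id` to the session. The `Request`/`Response` classes and the `/welcome` path are assumptions for the demonstration.

```python
# Constructed request/session model; hypothetical, not the J2EE app's own classes.
from dataclasses import dataclass, field
from typing import Optional

AUTHENTICATED_PATHS = {"/welcome", "/account/change_password"}


@dataclass
class Request:
    path: str
    params: dict = field(default_factory=dict)
    session_user_id: Optional[int] = None  # set by the server from the session cookie


@dataclass
class Response:
    status: int
    body: str = ""
    headers: dict = field(default_factory=dict)


def vulnerable_handler(req: Request) -> Response:
    """Builds the protected page first, then redirects. The 302 still carries the
    page body (so rewriting 302 -> 200 at a proxy reveals it), and any ?id= value
    is honoured regardless of who is logged in (parameter tampering)."""
    profile_id = int(req.params.get("id", req.session_user_id or 0))
    body = f"<h1>Welcome user {profile_id}</h1>"
    if req.session_user_id is None:
        return Response(302, body, {"Location": "/login"})
    return Response(200, body)


def hardened_handler(req: Request) -> Response:
    """Authorize before rendering; empty redirect body; id bound to the session."""
    if req.path in AUTHENTICATED_PATHS and req.session_user_id is None:
        # Nothing is rendered, so a proxy changing the status code gains nothing.
        return Response(302, "", {"Location": "/login"})
    requested = req.params.get("id")
    if requested is not None and requested != str(req.session_user_id):
        # The id must match the authenticated user; reject tampered values.
        return Response(403, "Forbidden")
    return Response(200, f"<h1>Welcome user {req.session_user_id}</h1>")
```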
