forked from cliffe/SecGen
-
Notifications
You must be signed in to change notification settings - Fork 0
/
1_intro_web_security.xml
172 lines (151 loc) · 7.13 KB
/
1_intro_web_security.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
<?xml version="1.0"?>
<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
<name>Introducing Web security</name>
<author>James Davis</author>
<description>
# Introduction
In this lab you will delve into concepts and practical exercises that will equip you with a foundational understanding of web security. This hands-on lab explores various aspects of web security, starting with an introduction to client-server interactions using HTTP (HyperText Transfer Protocol). The lab guides you through simulating a web server from scratch using tools like netcat, creating dynamic web pages with PHP, and understanding the intricacies of client-server architecture. The importance of local web proxies, illustrated through the use of Zed Attack Proxy (ZAP), is emphasized as a means to intercept and modify web traffic for security testing purposes. The lab further introduces fuzzing techniques in ZAP and encourages practical application through tasks such as intercepting and altering HTTP requests.
Throughout this lab, you will learn by doing, actively engaging in activities. As part of the hands-on experience, you will also work through scored flag-based tasks, such as completing challenges related to Insecure Direct Object References. By the end of the lab, you will have acquired a solid foundation in web security fundamentals, simulation of web server activities, and practical skills in using tools like ZAP for security testing and assessment. This sets the stage for deeper exploration and learning in subsequent topics, contributing to the development of your web security expertise.
</description>
<lab_sheet_url>https://docs.google.com/document/d/1vLy56U53lqb8ZpQVLwxznCBsGv0KPM_uXJW1WD5DCiI/edit?usp=sharing</lab_sheet_url>
<type>ctf-lab</type>
<type>lab-sheet</type>
<difficulty>intermediate</difficulty>
<CyBOK KA="WAM" topic="Fundamental Concepts and Approaches">
<keyword>JAVASCRIPT</keyword>
<keyword>HYPERTEXT MARKUP LANGUAGE (HTML)</keyword>
<keyword>CASCADING STYLE SHEETS (CSS)</keyword>
<keyword>HYPERTEXT TRANSFER PROTOCOL (HTTP)</keyword>
<keyword>HYPERTEXT TRANSFER PROTOCOL (HTTP) - PROXYING</keyword>
<keyword>Broken Access Control / Insecure Direct Object References</keyword>
<keyword>CLIENT-SERVER MODELS</keyword>
</CyBOK>
<CyBOK KA="WAM" topic="Server-Side Vulnerabilities and Mitigations">
<keyword>server-side misconfiguration and vulnerable components</keyword>
</CyBOK>
<CyBOK KA="SS" topic="Categories of Vulnerabilities">
<keyword>Web vulnerabilities / OWASP Top 10</keyword>
</CyBOK>
<CyBOK KA="SS" topic="Detection of Vulnerabilities">
<keyword>dynamic detection</keyword>
</CyBOK>
<system>
<system_name>web_server</system_name>
<base distro="Debian 10" type="desktop" name="KDE"/>
<input into_datastore="IP_addresses">
<!-- 0 web_server -->
<value>172.16.0.2</value>
<!-- 1 kali -->
<value>172.16.0.3</value>
</input>
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<generator type="account">
<input into="username">
<value>shepherd</value>
</input>
<input into="password">
<value>tiaspbiqe2r</value>
</input>
<input into="super_user">
<value>false</value>
</input>
</generator>
</input>
</utility>
<vulnerability module_path=".*/security_shepherd">
<input into="modules">
<generator type="ss_modules">
<input into="filter">
<value>Insecure Direct Object References</value>
</input>
</generator>
</input>
<input into="unix_username">
<value>shepherd</value>
</input>
<input into="flag_store" into_datastore="flag_store">
<generator type="flag_generator" module_path=".*base64">
<input into="iterations">
<value>1</value>
</input>
</generator>
</input>
</vulnerability>
<input into_datastore="spoiler_admin_pass">
<generator type="strong_password_generator"/>
</input>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
<utility module_path=".*/hosts_legacy">
<input into="hosts">
<value>webserver</value>
<value>kali</value>
</input>
<input into="IP_addresses">
<datastore access="0">IP_addresses</datastore>
<datastore access="1">IP_addresses</datastore>
</input>
</utility>
<network type="private_network">
<input into="IP_address">
<datastore access="0">IP_addresses</datastore>
</input>
</network>
</system>
<system>
<system_name>kali</system_name>
<base distro="Kali" name="MSF" />
<input into_datastore="kali_account">
<value>
{"username":"kali","password":"kali","super_user":"true","strings_to_leak":[],"leaked_filenames":[]}</value>
</input>
<utility module_path=".*/parameterised_accounts">
<input into="accounts">
<datastore>kali_account</datastore>
</input>
</utility>
<vulnerability module_path=".*/webgoat">
<input into="port">
<value>8085</value>
</input>
</vulnerability>
<utility module_path=".*/kali_web" />
<utility module_path=".*/iceweasel">
<input into="accounts">
<datastore>kali_account</datastore>
</input>
<input into="autostart">
<value>true</value>
</input>
<input into="start_page">
<value>http://localhost:8085/WebGoat|webserver</value>
</input>
</utility>
<utility module_path=".*/hosts">
<input into="hosts">
<value>webserver</value>
<value>kali</value>
</input>
<input into="IP_addresses">
<datastore access="0">IP_addresses</datastore>
<datastore access="1">IP_addresses</datastore>
</input>
</utility>
<build type="cleanup">
<input into="root_password">
<datastore>spoiler_admin_pass</datastore>
</input>
</build>
<network type="private_network">
<input into="IP_address">
<datastore access="1">IP_addresses</datastore>
</input>
</network>
</system>
</scenario>