Learning Goals of this Project:

You will learn about modern web-based security vulnerabilities in this project. Most of the attacks are based on the OWASP Top 10 list, which is produced and updated every few years.

In particular we will cover these learning topics:

  • Basic web technologies, HTML, CSS & JavaScript
  • The HTTP protocol
  • XSS (Cross-Site Scripting) Attacks
  • XSRF (Cross-Site Request Forgery)
  • SQLi (SQL Injection Attacks)
  • Misconfiguration of server-side web servers
  • Client-side JavaScript library vulnerabilities

The final deliverables:

A single JSON-formatted file will be submitted to Gradescope.

See Submission Details for more information.

Important Reference Material:

Submission:

Gradescope (autograded) - see Submission Details

Virtual Machine:

  • Apple M1-based systems
    • Refer to the Apple M-Series VM Emulation Guide (Unofficial) section
  • Intel/AMD x64 version

Table of contents