INSC561_Project1 (.docx)

School: George Washington University


Course: INSC561
Subject: Information Systems
Date: Jun 27, 2024
Type: docx
Pages: 15
Uploaded by: a_rod_19

Group Project 1 [Group X]
Task 1: Gathering information on a target

By relying on one of our three toolkits, you show how to explore the contents and functionality of the target (please choose only one website for your final report, although you might explore more than one website).

Target: bWAPP
Toolkit: OWASP ZAP
The spider in OWASP ZAP (Zed Attack Proxy) is an automated crawler that explores and maps a web application by following links and identifying pages, forms, and other resources. It starts from a specified URL and follows every link on that page, including hyperlinks, form actions, and links generated dynamically through JavaScript; it can also submit forms automatically to reach pages that require user input. As it crawls, the spider identifies both static resources (HTML pages, images, CSS, and JavaScript files) and dynamic resources (such as content loaded via AJAX requests), and it executes JavaScript to discover client-side generated links, giving comprehensive coverage of the site. Every HTTP request and response made during the crawl is logged and can be reviewed later. The result is a detailed site map of the application, showing its structure and organization, including hidden paths and endpoints that are not directly linked from the main pages. This mapping is the basis for deciding which areas need further security testing and for conducting vulnerability assessments; by giving a detailed overview of the entire application, ZAP's spider supports a thorough understanding and evaluation of the web application's security.
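As an added worked example of the crawl just described (code written for this page, not taken from the report or from ZAP): a minimal breadth-first spider that follows hyperlinks, form actions and script/image sources from a start URL, stays within the target host, separates static assets from pages, and records each form with its HTTP method, producing the kind of site map ZAP displays. The sample site, its hostname and its paths are constructed, and unlike ZAP this spider neither executes JavaScript nor submits forms.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed stand-in for the target (hypothetical host and paths, not the report's bWAPP instance): URL -> HTML.
SITE = {
    "http://target.local/": '<a href="/login.php">Login</a><link href="/css/style.css"><script src="/js/app.js"></script>',
    "http://target.local/login.php": '<form action="/login.php" method="post"><input name="login"><input name="password"></form><a href="/portal.php">Portal</a><img src="/images/logo.png">',
    "http://target.local/portal.php": '<a href="/hidden/admin.php">admin</a><a href="http://other.example/">external</a>',
    "http://target.local/hidden/admin.php": '<a href="/portal.php">back</a>',
}
STATIC_SUFFIXES = (".css", ".js", ".png", ".jpg", ".gif", ".ico")

class LinkExtractor(HTMLParser):
    # Collects the URL-bearing attributes a spider follows: href, src and form action.
    def __init__(self):
        super().__init__()
        self.links, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.forms.append((a.get("method", "get").upper(), a["action"]))
        for key in ("href", "src"):
            if a.get(key):
                self.links.append(a[key])

def spider(start, fetch=SITE.get, max_pages=50):
    # Breadth-first crawl confined to the start host; fetch(url) returns the HTML body or None (e.g. a 404).
    host = urlparse(start).netloc
    seen, queue = set(), deque([start])
    site_map = {"pages": [], "static": [], "forms": []}
    while queue and len(seen) < max_pages:
        url = queue.popleft()
        if url in seen or urlparse(url).netloc != host:  # stay in scope, visit each URL once
            continue
        seen.add(url)
        if url.lower().endswith(STATIC_SUFFIXES):        # static asset: record it, do not parse it
            site_map["static"].append(url)
            continue
        body = fetch(url)
        if body is None:
            continue
        site_map["pages"].append(url)
        parser = LinkExtractor()
        parser.feed(body)
        site_map["forms"] += [(m, urljoin(url, action)) for m, action in parser.forms]
        queue.extend(urljoin(url, link) for link in parser.links)  # resolve relative links
    return site_map
```

Calling `spider("http://target.local/")` lists four pages (including the unlinked-from-home `/hidden/admin.php`), three static assets and the POST form on the login page, while the external link is left out of scope.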
POST Login information (HTTP POST Request)

[Figure: Correct Credentials Information Request]
[Figure: Incorrect Credentials Information Request]
The POST login process captures the user's credentials through a login form and securely transmits them to the server in an HTTP POST request. The server validates the credentials against its stored data, creates a session on successful authentication, and returns a session token or cookie to the client. That token or cookie keeps the user authenticated on subsequent requests without logging in again. If the login fails, the server responds with an error message prompting the user to retry.
POST Login information (HTTP POST Response)

[Figure: Correct Credentials Information Response]