B 15 Project

This document provides instructions for setting up a lab to teach students about cross-site scripting (XSS) attacks using a vulnerable web application called DVWA. The lab involves creating two virtual machines, one for a web server with DVWA installed and one for an attacker. It then outlines installing and configuring DVWA on the web server, setting up networking between the VMs, and provides exercises for students to introduce XSS, demonstrate cookie theft, and explore prevention techniques by modifying DVWA's security settings. The document stresses the importance of ethical behavior and legal compliance for the lab activities.

Uploaded by khachistan
Assessment

B-15

Q1. Create a lab for educational purposes to teach students about XSS (Cross-Site Scripting) using DVWA
(Damn Vulnerable Web Application) in a controlled and ethical manner.

Prerequisites:

1. Virtualization Software:

 • Install a virtualization platform such as VMware or VirtualBox on your host machine.

2. Virtual Machines (VMs):

 • Create at least two virtual machines: one for the web server with DVWA installed and
one for the attacker.

Lab Setup:

1. DVWA Setup:

 • Install DVWA on the web server virtual machine. DVWA is available at:
https://dvwa.co.uk/
It needs a PHP-capable web server (Apache is the usual choice), PHP, and a MySQL/MariaDB database.

 • Configure DVWA's database connection (copy config/config.inc.php.dist to config/config.inc.php and
fill in the database credentials), open setup.php and click "Create / Reset Database", then log in with
the default credentials (admin / password). On the DVWA Security page set the security level to "low"
for the first exercises; "medium", "high" and "impossible" are used later in the prevention exercise.

2. Web Server Configuration:

 • Configure the web server so that DVWA is reachable only from the lab network. DVWA is deliberately
vulnerable, so it must never be exposed to the internet or to a production network; "securely" here
means isolated, not hardened.

 • Enable HTTPS (a self-signed certificate is fine in a lab) and use it to make a point students often
get wrong: TLS protects data in transit, but an XSS payload runs inside the victim's browser in the
site's own origin, so cookie theft works exactly the same over HTTPS. What changes the outcome is the
cookie's attributes (HttpOnly keeps it out of document.cookie; Secure only restricts it to HTTPS
requests), not the transport.

3. Attacker VM Setup:

 • Install a penetration testing distribution such as Kali Linux on the attacker's virtual machine.

 • Include tools for web application testing, such as Burp Suite (the Community edition ships with
Kali), and configure a browser on the attacker VM to proxy through it so that requests to DVWA can be
inspected and replayed.

4. Networking:

 • Set up a virtual network to connect the web server and attacker VMs. Use a host-only or internal
network so that the two VMs can reach each other but the DVWA VM is not reachable from outside the lab;
in particular, do not bridge it onto the physical LAN.

 • Ensure that the attacker VM can communicate with the DVWA application: from the attacker VM, confirm
with ping and then with curl or a browser that the DVWA login page on the web server loads. Also confirm
that the DVWA VM has no route to the internet.

Lab Exercises:

1. Introduction to XSS:

 • Provide an overview of what XSS is and the potential impact on web applications. Cover the three
variants DVWA has a page for (reflected, stored and DOM-based) and why stored XSS is the most dangerous:
every visitor to the page is a victim and no link has to be clicked.

2. Cookie Theft:

 • Showcase how an attacker could use XSS to steal cookies and session information: inject a script
that reads document.cookie and sends it to a listener on the attacker VM, for example by setting the
src of an Image to http://<attacker-vm>:<port>/?c= followed by the URL-encoded cookie string. Point
out the caveat: a cookie set with the HttpOnly attribute is not exposed to document.cookie, so the same
payload captures nothing from it (the script can still act on the victim's behalf from inside the page,
which is why HttpOnly limits rather than prevents the impact).

 • Discuss the potential consequences of session hijacking: with the stolen PHPSESSID value, the
attacker sets that cookie in their own browser (or in Burp) and is logged in as the victim without ever
knowing the password, until the session expires or is invalidated.

3. XSS Prevention Techniques:

 • Discuss best practices for preventing XSS: validate input, and above all encode output for the
context it is written into (HTML body, attribute, JavaScript, URL); in PHP that means htmlspecialchars
with ENT_QUOTES for HTML contexts. Add Content-Security-Policy and the HttpOnly cookie attribute as
defense in depth, and explain why blacklisting strings such as "<script>" is not a fix.

 • Modify the DVWA settings to switch between the security levels (low, medium, high, impossible) and
observe the impact on XSS attacks. Use DVWA's "View Source" button on the XSS pages to compare the
server-side filtering at each level, and have students find payloads that still work at medium and high
(a different case, nested tags, an <img> tag with an onerror handler) and explain why only the output
encoding used at impossible stops all of them.
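The level-by-level comparison above, as an added example (not part of the assignment and not DVWA's own PHP): a Python model of the filtering DVWA's XSS (Reflected) page applies to the "name" parameter at each security level, run against four constructed payloads to show which one gets through each level. The filter bodies are a re-creation of what DVWA's "View Source" button shows (medium: literal "<script>" removal; high: a case-insensitive regex on the letters s, c, r, i, p, t; impossible: output encoding) and should be checked against your own install before teaching from them; the "<pre>Hello ...</pre>" wrapper and the survives() heuristic are assumptions made for this demo.

```python
import html
import re

# Assumed shape of the fragment the page sends back for ?name=...
TEMPLATE_HEAD, TEMPLATE_TAIL = "<pre>Hello ", "</pre>"


def filter_name(name: str, level: str) -> str:
    """Model of the server-side filtering on the 'name' parameter of DVWA's
    XSS (Reflected) page at each security level (Python re-creation, not
    DVWA's PHP; compare with the page's 'View Source' button)."""
    if level == "low":
        return name                            # echoed verbatim
    if level == "medium":
        return name.replace("<script>", "")    # literal, case-sensitive, one pass
    if level == "high":
        # Case-insensitive strip of any <...s...c...r...i...p...t sequence;
        # other tags and on* event handlers are left untouched.
        return re.sub(r"<(.*)s(.*)c(.*)r(.*)i(.*)p(.*)t", "", name, flags=re.IGNORECASE)
    if level == "impossible":
        # Output encoding (equivalent of htmlspecialchars with ENT_QUOTES):
        # & < > " ' become entities, so the input can only render as text.
        return html.escape(name, quote=True)
    raise ValueError(f"unknown DVWA security level: {level}")


def render(name: str, level: str) -> str:
    """HTML fragment the page would return for the given name and level."""
    return TEMPLATE_HEAD + filter_name(name, level) + TEMPLATE_TAIL


def survives(rendered: str) -> bool:
    """True if the reflected part still contains a tag opener ('<' + letter),
    i.e. the browser will parse attacker-controlled markup instead of text."""
    reflected = rendered[len(TEMPLATE_HEAD):-len(TEMPLATE_TAIL)]
    return re.search(r"<[A-Za-z]", reflected) is not None


# Constructed payloads, one per bypass technique discussed in the exercise.
PAYLOADS = {
    "plain script tag":      "<script>alert(document.cookie)</script>",
    "upper-case tag":        "<SCRIPT>alert(document.cookie)</SCRIPT>",
    "nested tag (one pass)": "<scr<script>ipt>alert(document.cookie)</script>",
    "img onerror handler":   "<img src=x onerror=alert(document.cookie)>",
}
LEVELS = ("low", "medium", "high", "impossible")


def matrix() -> dict:
    """{level: {payload name: still executes?}} for every level/payload pair."""
    return {lvl: {name: survives(render(p, lvl)) for name, p in PAYLOADS.items()}
            for lvl in LEVELS}


if __name__ == "__main__":
    for lvl, results in matrix().items():
        cells = ", ".join(f"{n}={'XSS' if ok else 'blocked'}" for n, ok in results.items())
        print(f"{lvl:>10}: {cells}")
```

The table the script prints is the point of the exercise: low passes everything; medium is defeated by a change of case or by a nested tag, because its replacement is literal and runs once; high strips every spelling of "script" but not an <img> with an onerror handler, because it never stops trusting the input; only impossible, which encodes the output instead of blacklisting it, blocks all four.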

4. Reporting and Reflection:

 • Have students document their findings, including the steps taken to perform the XSS attacks, the
payloads that worked at each security level, and the mitigations that stopped them.

Notes:

 • Ethical Considerations:

   Emphasize the importance of ethical behavior and responsible disclosure during the lab.

 • Legal Compliance:

   Ensure that all activities conducted in the lab comply with relevant laws and policies.

 • Lab Safety:

   Work in a controlled environment and do not use the acquired knowledge for malicious
purposes.

Q2. Install and test the ModSecurity (mod_security) web application firewall on Kali Linux, and
state which standards ModSecurity follows.
