This project focuses on Web Application Security.
You are going to pick a Web Application threat then design a website which is vulnerable to that threat and demonstrate a successful attack scenario on your website.
Take a look at http://nsw-edu.com/sqlinjection.php I created this just for you within a couple of hours so you can better understand the goals of this project.
The page consists of a simple control menu (Show Table, Show Attack, Reset). Follow a similar simple template for this menu.
Then there is an iframe which loads the vulnerable login page with the vulnerable web application. In my case I have chosen SQL Injection but you can choose any of the major Web Application threats such as Cross-site Scripting. XSS, Session Hijacking, Invalidated redirects and forwards, Missing Function Level Access Control etc.
Go ahead and test the attack scenario on the test page. You will be able to successfully login using SQL injection. You might even try deleting the entire customers table. That's why I have added a reset button which recreates and populates the table.
Host your application and website on the web. Come up with one or multiple attack scenarios which can be actually tested on your website. Add a Reset button to the control menu to make sure the changes can be reverted for multiple testing.
Have all of this in one single interface. Just like the one I did (The control menu is on top and the test login page is loaded on the same page in an iframe)
Technically you will be creating an online penetration testing lab for a specific vulnerability of your choice.
Demonstrate your work on week 11 and 12 with successful attack scenario. Explain why the webpage is vulnerable and how to fix the code. Email me the URL and the scripts you wrote as a zip file.
This project will be 60% and it is the only assessment for you beside the exam which is 40%. You will complete this project individually.