For this assignment I need you to do a pen testing on the webserver. Use 3 of the top 10 vulnerabilities from OWASP to find the website weakness. Write an assessment report on what you find.
Tools: Kali Linux, WebGoat, Visual Studio, and other free tools that you can find.
Instructions:
- Go to the website: https://pentest.trutiksoftware.com/Account/Login to perform a pen testing.
- Test for 3 OWASP vulnerabilities:
A2-Broken Authentication and Session Management, A3-Cross-Site Scripting (XSS), A7-Missing Function Level Access Control.
- List your work step by step and provide multiple screenshots of it. Make sure that you provide detailed instructions so that a beginner can follow them and perform the pen test by reading them. For example: step 1 (click on this search box and enter the following code), step 2, etc.
- Compare the method you used with WebGoat. Does the WebGoat tutorial work on the webserver that you are pen testing?
- After you perform the pen test, write a security assessment report on what you found. What kind of code and security weaknesses did you find in the webserver? How do you prevent them?
- Word limit: 2500 or fewer.
Login Credentials (black box testing): https://pentest.trutiksoftware.com/
Tenant: pentest
Email: [email protected]
Password: Pen#123
Try to get in without using the password. If you have a hard time getting in, the credentials are above.
Again, if a hashing algorithm or rainbow table is going to be used, please restrict runs to intervals of less than 1 minute.
Allowed Servers:
Database:
SQL5030.Smarterasp.net
DB_A151F8_andresdev_admin
DB_A151F8_trutikdev_admin
Webservers:
Dev.trutik.com
Dev.trutiksoftware.com
Introduction to Scope
The scope will be against the Trutik Dev environment. Only dev servers and localhost are allowed to be pen tested and available for this assessment.
Primary pen test investigation should be against OWASP top 10 vulnerabilities.
DoS Testing
Basic stress testing is permitted for no more than 1 minute of execution.