For this final lab you will use the tools and techniques from throughout the course to analyze two LAMP applications, mitigate their vulnerabilities, and document the results. The first application is the e-Commerce application you wrote during week 7. The second is a prototype UMUC tutoring LAMP application, which you will need to install on your VM before you run the analysis, fix all vulnerabilities, and document the results.
In both applications, you are expected to perform the scanning using ZAP, research the results, identify and fix software vulnerabilities, and professionally document your process and final results.
As part of the submission for this Lab, you will run manual and automatic attacks on your week 7 lab submission and the UMUC Tutor app on your VM.
Be sure to work on each application separately and document the issues you found and the process you used to fix the applications. You can provide the findings in one well-organized document. You should work to eliminate all alerts in both applications and clearly document specifically what you did to mitigate each issue.
Create screenshots demonstrating your process and results. The document should be well-organized and include a table of contents, page numbers, and figure and table numbers. The writing style should be paragraph style, with bullets used very sparingly to emphasize specific findings. In other words, this should be a professional report and demonstrate mastery of writing.
Be sure your process includes both manual and automatic scanning. When researching your security alerts, be sure to document your references using APA style. You should show both before-fix and after-fix vulnerability reports. Your final vulnerability report should show zero alerts and vulnerabilities.
For your deliverables, you should submit a zip file containing your Word document (or PDF file) along with the before and after application files (including SQL and parameter files). If you made changes to your VM environment (e.g., security.conf, apache2.conf, php.ini), you should provide those files also.
Lab9-LAMPZap.pdf – Has submission details.
Lab 8.zip – Run attack on this app
UMUCTutorLamp.zip – Run attack on this app also

