Skip to content

Week 3 Labs

This week we will start looking at how we can map an application, and try to identify possible attack surfaces.

We will be looking at a new demo machine, and also at some data collected from a Live Site.

Getting the Machine

You can get a copy of the target from the Github Repo

Tasks

Mapping the Application

Take a look at the Black Hat Books site. Keep track of your findings in a short report.

Try mapping the application identifying:

  • Data Endpoints
  • Types of information sent in Requests / Responses
  • Different levels of Authentication / Authorisation

Once you have Identified endpoints, try seeing where controls for authentication / authorisation could be abused. What recommendations would you make the the developers?

You also have some creds:

  • Admin
    • bernard@blackbooks.net
    • nipsey
  • User
    • manny@blackbooks.net
    • lavender

Questions From the Lecture Notes

If you haven't already use the aula (or feel free to discuss in the lab) the following questions from the matierals

Agile and Security

Rapid Application Development (RAD) appoaches such as Agile are popular for web development. Here, tasks and functionality are broken into "sprints" where the focus is on implementing small chunks of code in a short time frame[^agile]. The approach ephasises flexibility and a focus on the actual development, rather than the longer drawn out planning phases involved in traditional software development.

This rapid development is great for getting functionality implemented quickly and efficiently. It also allows developers to respond to problems during development.

However, this seems to go against the requirements for security. Where a more strucured approach to development seems to be required

Can Agile development also be secure ?
What are your views,  can you think of ways that we could incoproate security with rapid development?

Dont worry too much if you havent come across agile before, the question is more about getting you to think
around how security could be added to development, than the specific software design process.

What else might we find useful

The list mapping recon to possible attacks, in the summary has the main elements we might want to look for, without getting too specific. However, there are other more specialised areas we may want to consider. .

Using the feed on aula, discuss: - Other items you think it may be helpful to identify. - Are are any attack types that we should consider also

We will collate them and discuss shortly.

Back to top