Introduction to OWASP ZAP
For this lab, you will provide a detailed analysis of the http://localhost/week4/loginAuth.html page using both manual interception techniques and automatic scanner attacks.

Run the manual interception techniques first, and describe in detail the information revealed to you during your analysis. Be sure to provide screen captures of you running the tool, and analyze all files used for the application (loginAuth.html, authcheck.php and logout.php). Try to modify the HTTP messages and look for possible vulnerabilities. This is the important discovery portion of your analysis.

When you run the automatic scan, be sure to generate an HTML report showing all alerts. Also, describe the active scan activity. For each alert, discuss all of the output and try possible solutions. Be sure to describe how you prioritized alert messages. Try to resolve all alerts, and document specifically your process in resolving them. Rerun the scanner after you have fixed as many issues as you can to demonstrate your success.

For your deliverables, submit a zip file containing your Word document (or PDF file) with screenshots of your scans. Be sure to include the descriptions and analysis of your results, your prioritization, and your approach to mitigating the issues. Also include the reports from your scan.

Your report should be well-organized and clearly written. It is aimed at your Chief Security Officer, who pays your salary. He is a technical geek and wants details, clarity and something he can pass on to others to make sure you have job security for years to come. Have fun with this!

Include your full name, class number and section, and the date in the document.