
Question


There are three sets of specific WebGoat labs this term: Module 4, Module 7, and Module 10. This is the second set. You will be doing, documenting, and reflecting on all the exercises under A5, A6, A8, A9, A10, and Client Side. The WebGoat assignments are research-and-understand assignments (aka "know it if it came up and bit you"), more than knowing precisely how to complete every exercise (although if you can complete the exercises, do consider a penetration testing career path, recognizing that there aren't a lot of positions in that area). We are not expecting you to know how to do everything, but we would like to see what you tried, why it worked, and what you learned from it. If you are stumped on an exercise, mark that as "for later" and come back to it.
Instructions
Keeping good notes during your WebGoat adventure is very important. You may not know immediately if something you come across is important until much later. You may also make notes on how you conducted a certain procedure in case you need to repeat it later. In the real world, notes are also very important when you finally have to write a report for your employer or customer. You should go back frequently and review your previous notes to see if they prompt you to do anything different.
Compose your documentation as though you were a penetration tester writing a report for a client. This is a role-playing assignment.
For each of the exercises, include:
- Exercise Title and Objective: Start with the name of the exercise and a brief description of its objective. This sets the context for the reader.
- Methodology: Describe the approach and tools used to carry out the exercise. This includes any particular strategies employed, types of attacks attempted (if any), and tools or scripts used.
- Steps Taken: Enumerate the steps taken during the exercise in a clear, sequential order. This should include:
  - Specific actions performed (e.g., entering a command).
  - Screenshots to illustrate critical steps or findings. This helps in visualizing the process.
  - Any challenges encountered and how they were addressed.
- Results and Findings: Summarize the results of the exercise. This should include:
  - Vulnerabilities discovered (if any).
  - Data or access gained as a result of the exercise.
  - Any unexpected outcomes.
- Analysis and Conclusions: Provide an analysis of the exercise outcomes. Discuss:
  - The implications of the findings (e.g., potential impact of a real-world exploit).
  - Any insights gained about the system's security posture.
- Recommendations: Offer recommendations based on the findings. This may include:
  - Suggestions for mitigating identified vulnerabilities.
  - Recommendations for improving security practices or configurations.
- Reflection: Reflect on the exercise. Discuss:
  - What you learned from the exercise.
  - How you might approach it differently in the future.
  - Any broader cybersecurity principles illustrated by the exercise.
- References: Include any references to tools, methods, or documentation used during the exercise.
