Web Application Penetration Testing using OWASP Zed Attack Proxy Project, w3af, Back Track, Netsparker, or any other penetration tool

Web Applications Penetration Testing

Web penetration testing tools can be used to evaluate web applications to withstand various security attacks.

Learn how to conduct a pen testing against a web application using one of well-known web applications penetration testing tools such as OWASP Zed Attack Proxy Project, w3af, Back Track, Netsparker, etc.

Requirements:

Need to learn how to install and use a pen testing tool. (e.g.) if you want to use OWASP Zed Attack Proxy Project, which I recommend, refer to the following site. (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)

Use the following URL for the target web application pen testing, http://software-security-class-test-app.azurewebsites.net/

Then, document the testing procedures and results.

The report should include the following items.

A. Include the name and brief description of the used penetration tool

B. Include installation and testing procedures (including screenshots)

C. describe at least two vulnerabilities found by the penetration testing (including result screenshots). It should include what the security vulnerabilities are, how they work, what damage they can cause, how they can be avoided/cured, and so on.

You will find some of the following security vulnerabilities: Access Control Flaws, AJAX Security, Authentication Flaws, Buffer Overflows, Code Quality, Concurrency, Cross-Site Scripting (XSS), Denial of Service, Improper Error Handling, Injection Flaws, Insecure Communication, Insecure Configuration, Insecure Storage, Malicious Execution, Parameter Tampering, Session Management Flaws, Web Services, and so on.