https://www.rapid7.com/try-now
In the "InsightAppSec" section, click the "Free Trial" button, as shown below.
On the next page, fill in the form and click Submit, as shown below.
Check your email. Find the message similar to the one shown below, and click the button to set up your account.
Choose a password and log in.
Click "Scan a Rapid7 domain".
On the "Select a Rapid7 All" page, click "http://webscantest.com", as shown below.
Click the Users button.
On the next page, click "Add New App".
The next page sets up a "recommended-webscantest" for you, as shown below.
In the top right, click the "Scan Now" button. In the drop-down list, click recommended-webscantest
At the center left, click Scans. A page shows that there is a scan "Runing", as shown at the bottom of the image below.
Refresh the page occasionally. When I did it, it tool 15 minutes to finish the scan, as shown below.
Results are shown, as shown below.
Click the first item, with a Module Name of "Blind SQL". Details of the vulnerability appear, as shown below.
Scroll down to the "Description" section. Find the OVAL number for this vulnerability, which is covered by a green box in the image below.
Enter that number into the form below to record your success.
If you don't have a Canvas account, see the instructions here.
There's only one "High" severity vulnerability, as shown below.
Find the "DISSA_ASC" number for that vulnerability, as shown below.
If you don't have a Canvas account, see the instructions here.