Proj X14: Security Shepherd Challenges (Up to 20 pts.)
What You Need for This Project
- A Mac or PC
- Firefox connecting through a Burp proxy
- A Security Shepherd account, which you prepared in a previous project
The Security Shepherd Challenges are
useful practice. Try figuring them out
without help, and use the Cheat button
if you need it.
Do Project 14 First
In Project 14, you created your account and solved
four challenges. In this project, you
solve an additional four challenges.
You may do any of the Challenges you
wish, but I recommend these,
which match the lessons you did in
the previous project.
- Insecure Direct Object References
- Cross Site Request Forgery
- Insecure Cryptographic Storage
Do Four More Challenges
Do any four additional challenges,
for a total of eight. I recommend
doing some in each of the
The "Cross Site Request Forgery"
challenges require a second Security
Shepherd user to view the challenge
page. Here are some ways you can
- Work with a second student on the
same challenge at the same time
- Use a second browser logged into a second
account you made yourself
- Use a second browser logged in to
my test account: YOURNAME
with password P@ssw0rd
Capture a Screen Image
When you have completed the lessons,
capture full-screen images showing
your Security Shepherd username in the
top right, and the new check marks
on the left side, as shown below.
Each check mark (after the first 4 you
earned in the previous project)
is worth 5 pts.
It will probably
take several images to
show all the check marks.
The image below would be worth 5 pts.
Turning in your Project
Email the images
to firstname.lastname@example.org with the subject line:
Proj X14 from YOUR NAME
Posted 11-9-15 by Sam Bowne
Last revised 11-28-16