Proj 17x: Security Shepherd Challenges (Up to 40 pts.)
What You Need for This Project
- A Mac or PC
- Firefox connecting through a Burp proxy
- A Security Shepherd account, which you prepared in a previous project
Purpose
The Security Shepherd Challenges are
useful practice. Try figuring them out
without help, and use the Cheat button
if you need it.
Recommended Challenges
You may do any of the Challenges you
wish, but I recommend these ones,
which match the lessons you did in
the previous project.
- Insecure Direct Object References
- Cross Site Request Forgery
- Insecure Cryptographic Storage
Do Eight Challenges
Do any eight challenges. I recommend
doing some in each of the
categories above.
The "Cross Site Request Forgery"
challenges require a second Security
Shepherd user to view the challenge
page. Here are some ways you can
accomplish that:
- Work with a second student on the
same challenge at the same time
- Use a second browser logged in to a second
account you made yourself
- Use a second browser logged in to
my test account: YOURNAME
with password P@ssw0rd
Capture a Screen Image
When you have completed the lessons,
capture full-screen images showing
your Security Shepherd username in the
top right, and up to eight check marks
on the left side, as shown below.
Each check mark is worth 5 pts.
It will probably
take several images to
show all the check marks.
The image below would be worth 5 pts.

Turning in your Project
Email the image
to cnit.127sam@gmail.com with the subject line:
Proj 17 from YOUR NAME
Posted 11-9-15 by Sam Bowne