Proj 17x: Security Shepherd Challenges (Up to 40 pts.)
What You Need for This Project
- A Mac or PC
- Firefox connecting through a Burp proxy
- A Security Shepherd account, which you prepared in a previous project
The Security Shepherd Challenges are
useful practice. Try figuring them out
without help, and use the Cheat button
if you need it.
You may do any of the Challenges you
wish, but I recommend these ones,
which match the lessons you did in
the previous project.
- Insecure Direct Object References
- Cross Site Request Forgery
- Insecure Cryptographic Storage
Do Eight Challenges
Do any eight challenges. I recommend
doing some in each of the
The "Cross Site Request Forgery"
challenges require a second Security
Shepherd user to view the challenge
page. Here are some ways you can
- Work with a second student on th3
same challenge at the same time
- Use a second browser logged into a second
account you made yourself
- Use a second browser logged in to
my test account: YOURNAME
with password P@ssw0rd
Capture a Screen Image
When you have completed the lessons,
capture full-screen images showing
your Security Shepherd username in the
top right, and up to eight check marks
on the left side, as shown below.
Each check mark is worth 5 pts.
It will probably
take several images to
show all the check marks.
The image below would be worth 5 pts.
Turning in your Project
Email the image
to firstname.lastname@example.org with the subject line:
Proj 17 from YOUR NAME
Posted 11-9-15 by Sam Bowne