Assignment 5 – Due Tuesday, November 23

This assignment uses the OWASP SecurityShepherd lessons and challenges that are available on the class server. First, follow the instructions that are in the Canvas announcement for Assignment 5 to see how to access the server and register for an account. You will see a menu on the left side of the screen giving different “levels” of challenges, with increasing difficulty. Everyone should be able to do all of the “Field Training” and “Private” level challenges, and a few of the harder ones.

All exercises on the first two levels are solvable with information we have talked about (or will talk about soon!) in class. Some require the use of an attack tool, such as the Zed Attack Proxy (ZAP) that I will demonstrate briefly in class. This tool can be downloaded from the OWASP ZAP page. There are a few brief videos demonstrating the use of ZAP in the announcement in Canvas.

To submit: You should write up a brief (1-2 sentences) description of each level solved, describing the solution and how you figured it out, and should submit this write-up in Canvas. The maximum possible assignment grade is calculated based on the number of points earned from challenges, translated as follows:

Extra credit points will be awarded to any student with more than 500 points, and additional points will be awarded to the first and second place finishers in the class (at the due date – late completions are not eligible for the extra credit contest points).