Lab 3: Web Application Vulnerability Analysis

Lab Objective: Web Application Vulnerability Assessment
Why This Lab Matters:

Web applications are the primary attack target for cybercriminals. SQL injection, cross-site scripting, and other web vulnerabilities enable data theft, account takeovers, and system compromises. This lab teaches you to analyze vulnerability scan results and prioritize fixes that protect your organization's web assets.

Real-World Application:

Application security teams use tools like OWASP ZAP, Burp Suite, and Nessus to scan web applications for vulnerabilities. After each scan, analysts must sort through hundreds of findings, calculate risk scores using CVSS methodology, and create executive reports that guide remediation efforts. This lab simulates that critical workflow.

Skills You'll Learn:
  • Vulnerability Management: Categorizing and prioritizing security findings by severity
  • Risk Scoring: Calculating quantitative risk scores using industry-standard methodologies
  • Executive Reporting: Translating technical findings into business-focused security reports
  • Remediation Planning: Understanding which vulnerabilities require immediate attention vs. long-term fixes
Task: Follow the interactive vulnerability assessment exercise
Points: 20 points for working vulnerability analysis
Security Scan Data You'll Process
scan_output.json
Website security check results
What's a Security Scan? Like a doctor's checkup for websites. The scan tool visits every page and tests for problems, then creates a JSON report (digital filing cabinet) listing all the security issues found.
Expected Vulnerabilities
  • SQL Injection (Critical)
  • Cross-Site Scripting (High)
  • CSRF Token Issues (Medium)
  • Missing Security Headers (Medium)
  • Information Disclosure (Low)
Analysis Tasks
1. Categorize by Severity
Group vulnerabilities by risk level (Critical, High, Medium, Low)
2. Calculate CVSS Scores
Apply CVSS methodology for risk quantification
3. Generate Executive Summary
High-level risk assessment and recommendations
4. Detailed Findings Report
Comprehensive vulnerability analysis with remediation
Interactive Typing Lab - Web Vulnerability Analysis

Type each line exactly as shown. Press Enter after each line to continue. For empty lines, just press Enter.

Expected Output - Compare Your Results
WEB SECURITY ASSESSMENT
=========================
High Risk: 3
Medium Risk: 5
Low Risk: 12
Total Issues: 20

Risk Score: 87

CRITICAL FINDINGS:
- SQL Injection vulnerabilities detected
- Cross-Site Scripting (XSS) found
- Missing security headers identified

RECOMMENDATIONS:
1. IMMEDIATE: Fix SQL injection (data breach risk)
2. HIGH PRIORITY: Implement XSS protection
3. MEDIUM: Add security headers (HSTS, CSP)
4. Schedule regular security testing
What This Output Means:
  • High Risk (3): Critical vulnerabilities like SQL injection that could lead to data breaches
  • Risk Score 87: High-risk rating requiring immediate security team attention
  • SQL Injection: Attackers could steal database contents or delete data
  • Cross-Site Scripting: Malicious scripts could hijack user accounts
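The analysis tasks above (categorize, score, summarize) as one added Python example, not the lab's own solution script. It assumes a scan_output.json layout with a "findings" list of {name, cvss, url} objects (field names are assumptions), uses the CVSS v3.1 severity bands from the reference table, and applies an assumed 0-100 weighting for the risk score, since the lab does not state its formula.

```python
import json

# Constructed sample scan output in the assumed scan_output.json shape.
# The field names and CVSS values are assumptions, not the lab's real data.
SCAN_OUTPUT_JSON = """
{"findings": [
  {"name": "SQL Injection", "cvss": 9.8, "url": "/login"},
  {"name": "Cross-Site Scripting", "cvss": 7.5, "url": "/search"},
  {"name": "CSRF Token Missing", "cvss": 6.5, "url": "/profile"},
  {"name": "Missing Security Headers", "cvss": 5.3, "url": "/"},
  {"name": "Information Disclosure", "cvss": 3.7, "url": "/server-status"}
]}
"""

# CVSS v3.1 qualitative severity bands (Critical 9.0-10.0, High 7.0-8.9,
# Medium 4.0-6.9, Low 0.1-3.9); a base score of 0.0 is "None".
def severity(cvss: float) -> str:
    if cvss >= 9.0:
        return "Critical"
    if cvss >= 7.0:
        return "High"
    if cvss >= 4.0:
        return "Medium"
    if cvss > 0.0:
        return "Low"
    return "None"

# Assumed per-finding weights for a 0-100 risk score (capped at 100).
WEIGHTS = {"Critical": 25, "High": 15, "Medium": 5, "Low": 1, "None": 0}

def analyze(raw_json: str) -> dict:
    """Bucket findings by severity and compute counts plus the risk score."""
    findings = json.loads(raw_json)["findings"]
    by_severity: dict = {}
    for f in findings:
        by_severity.setdefault(severity(float(f["cvss"])), []).append(f)
    counts = {s: len(by_severity.get(s, [])) for s in WEIGHTS}
    score = min(100, sum(WEIGHTS[s] * n for s, n in counts.items()))
    return {"counts": counts, "risk_score": score,
            "by_severity": by_severity, "total": len(findings)}

def report(result: dict) -> str:
    """Render the executive summary in the lab's expected-output layout."""
    lines = ["WEB SECURITY ASSESSMENT", "=" * 25]
    for sev in ("Critical", "High", "Medium", "Low"):
        lines.append(f"{sev} Risk: {result['counts'][sev]}")
    lines += [f"Total Issues: {result['total']}", "",
              f"Risk Score: {result['risk_score']}", "", "CRITICAL FINDINGS:"]
    # Critical and High findings are the ones needing immediate remediation.
    urgent = result["by_severity"].get("Critical", []) + result["by_severity"].get("High", [])
    for f in sorted(urgent, key=lambda f: f["cvss"], reverse=True):
        lines.append(f"- {f['name']} at {f['url']} (CVSS {f['cvss']})")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(analyze(SCAN_OUTPUT_JSON)))
```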
Grading Criteria (20 points total)
  • Critical vulnerability identification (5 points)
  • High severity analysis (5 points)
  • Risk score calculation (5 points)
  • Remediation recommendations (5 points)
CVSS v3.1 Scoring Reference
  Severity   Base Score Range
  Critical   9.0 - 10.0
  High       7.0 - 8.9
  Medium     4.0 - 6.9
  Low        0.1 - 3.9
OWASP Top 10 2021 Reference
  1. Broken Access Control
  2. Cryptographic Failures
  3. Injection
  4. Insecure Design
  5. Security Misconfiguration
  6. Vulnerable and Outdated Components
  7. Identification and Authentication Failures
  8. Software and Data Integrity Failures
  9. Security Logging and Monitoring Failures
  10. Server-Side Request Forgery (SSRF)