The implementation of project involves hosting a web server and to check different vulnerabilities present on it with the help of different tools.
1. Chapter 1: Introduction
- About the project
- What is Vulnerability?
- Vulnerability assessment
- Penetration testing
- Windows Server 2008R2
- Processor
- Memory
- Disk space requirement
2. Chapter 2: Literature Review
- Requirements
- Processor
- Memory
- Tools
- Damn vulnerable web app (DVWA)
- Metaspoil
- NESSUS
- XAMPP (Cross Site Scripting)
- John the Ripper
3. Chapter 3:- Implementation
- DVWA
- SQL injection
- Menu
- Basic injection
- Always true scenario
- Display database version
- Display database user
- Display database name
- Display all tables in information schemes
- John the Ripper
- XSS
- XSS stored menu
- Reflected
- NMP
- Perform a quick scan
- Output analysis
- Perform intense scan
- Version analysis
- Operating system details
- OD footprint analysis
- Host scripting result analysis
- Open up a command prompt
- NESSUS terminology
- Logging in NESSUS
- Creating a Basic Web Application Scan Policy
- Create basic run template
- Running basic scan template
- Reviewing the scan report
- TAMPER data
- Start DVWA
- Creating an advanced scan template
- Running basic scan template
- Reviewing the scan report
- Downloading core compact (True) Metaspoil
- MSF console
4. Chapter 4:- Results
5. Chapter 5:- Conclusion
6. Chapter 6. Bibliography
If we compare the low security level source code to the high security level one we found that the high security level source code has some extra input sanitisation. Both the $ name and $ message variables are passed through the html special chars () PHP function. The html special chars()function converts special characters to HTML entities, therefore the user input is HTML encoded meaning that it is just displayed as normal HTML rather than being executed.