Assignment Lab - Statement of Work
Client: Liberty Vacation Planning Inc. (LVP)
Project: Website Assessment
1. Project Objectives
With this statement of work, LVP is engaging you to conduct a website assessment to determine whether our new online Vacation Destinations application was developed following current Web application best practices. Specifically, the assessment should identify any security flaws in the code for the search function and the Check Availability page. The objectives of this assessment are as follows:
- Identify any cross-site scripting (XSS) flaws in the application using Skipfish or a manual source code review.
- Identify any SQL injection flaws in the application by conducting a source code review.
- Verify that the SQL injection flaws will cause a MySQL database error message to occur in the live application.
Note: The objective of this Statement of Work is to identify (not exploit) the vulnerabilities.
2. Project Scope
The scope of the website assessment project is as follows:
- The Vacation Destinations application hosted on our internal Kali Linux web server.
- The Vacation Destinations code (Source_Code_Review.txt) located on the desktop of the provided Kali machine.
Note: Any items not listed here are considered out of scope for this project. Out-of-scope items will not be added to the project scope without prior approval and authorization from LVP, and will be handled through change requests or as separate SOWs.
3. Project Deliverables
The deliverable(s) for this project are as follows:
a. Proof of XSS vulnerability
This proof will be provided in the following manner:
- A screenshot of either a Skipfish report showing an XSS condition, or of a JavaScript pop-up window caused by a web request with an XSS payload.
b. Proof of SQL injection in the code
This proof will be provided in the following manner:
- A screenshot of the source code reviewed with the vulnerable HTTP parameter and SQL query parameter highlighted or circled.
- A brief paragraph describing why the source code is vulnerable and how it could be misused.
c. Proof of SQL injection in the application
This proof will be provided in the following manner:
- A screenshot showing a database error message, which proves a SQL injection condition.
LAB WEBSITE ASSESSMENT INSTRUCTIONS
1. Use the lab virtual environment for this assignment, where specific instructions for tasks and deliverables are located. After completing the lab, write a lab report that includes all of the required deliverables, screenshots of each operation, and any additional information you gathered.
2. You are also required to include at least one page of written content with a minimum of 2 referenced citations that discusses your findings from each of the lab operations. This can include reasons why the findings are important, actions the organization can take to solve any discovered problems, and any other pertinent information you discovered. This content can be included anywhere in your lab report as long as you meet the one-page requirement.
3. Your report must also include Biblical integration that relates a Bible verse, passage, or concept to the assignment. This will count as one of your required citations.
Note - Need to complete virtual lab. Can you do it using TeamViewer?