🛡️ Cybersecurity Track

Vulnerability Assessment

Conduct a comprehensive security audit of a web application using OWASP Top 10 as a framework.

⏱️ 10-14 hours 🎯 Advanced

📋 Overview

Security testing without proper documentation is just hacking. In this project, you'll perform a methodical vulnerability assessment and document findings professionally.

🔨 Assessment Methodology

Phase 1: Reconnaissance

Enumerate endpoints, identify tech stack

nmap -sV -sC target.com
whatweb target.com

Phase 2: Automated Scanning

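# Mount the current directory at /zap/wrk so report.html is written to the host
docker run -v "$(pwd)":/zap/wrk/:rw -t owasp/zap2docker-stable zap-baseline.py -t https://target.com -r report.html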
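
To carry the automated results into the manual phase, the sketch below turns a ZAP JSON report into a ranked worklist. It is an added example, not part of the original project brief. It assumes the baseline scan was also run with -J to write a JSON report; the sample report, the triage function and the partial OWASP mapping are constructed for illustration.

```python
import json

# Constructed sample shaped like ZAP's JSON report (assumed: baseline run with -J).
SAMPLE_REPORT = json.dumps({"site": [{"@name": "https://target.com", "alerts": [
    {"name": "X-Content-Type-Options Header Missing", "riskcode": "1",
     "confidence": "2", "cweid": "693",
     "instances": [{"uri": "https://target.com/login", "method": "GET"},
                   {"uri": "https://target.com/", "method": "GET"}]},
    {"name": "Absence of Anti-CSRF Tokens", "riskcode": "2",
     "confidence": "1", "cweid": "352",
     "instances": [{"uri": "https://target.com/login", "method": "GET"}]},
    {"name": "Information Disclosure - Suspicious Comments", "riskcode": "0",
     "confidence": "1", "cweid": "200",
     "instances": [{"uri": "https://target.com/app.js", "method": "GET"}]},
]}]})

RISK = ["Informational", "Low", "Medium", "High"]  # ZAP riskcode 0..3
# Partial CWE -> OWASP Top 10 (2021) map; extend it for your own report.
OWASP_2021 = {"79": "A03 Injection", "89": "A03 Injection",
              "352": "A01 Broken Access Control"}

def triage(report_json):
    """Return scanner alerts as a worklist, highest risk and confidence first."""
    sites = json.loads(report_json).get("site", [])
    if isinstance(sites, dict):  # tolerate a single site given as an object
        sites = [sites]
    findings = []
    for site in sites:
        for alert in site.get("alerts", []):
            risk, conf = int(alert["riskcode"]), int(alert["confidence"])
            if conf == 0:  # confidence 0 = flagged as false positive
                continue
            findings.append({
                "title": alert["name"],
                "risk": RISK[risk],
                "cwe": "CWE-" + alert.get("cweid", "?"),
                "owasp": OWASP_2021.get(alert.get("cweid"), "unmapped"),
                "urls": sorted({i["uri"] for i in alert.get("instances", [])}),
                "status": "needs manual verification",  # a lead, not yet a finding
                "rank": (risk, conf),
            })
    return sorted(findings, key=lambda f: f["rank"], reverse=True)

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f'{f["risk"]:<14}{f["cwe"]:<9}{f["owasp"]:<27}{f["title"]}')
        for url in f["urls"]:
            print(f'{"":14}{url}  [{f["status"]}]')
```

Every row starts as "needs manual verification": a baseline scan is passive, so each alert is a lead to confirm in Phase 3 before it goes into the report.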

Phase 3: Manual Testing

  • SQL Injection (auth bypass, data extraction)
  • XSS (reflected, stored, DOM-based)
  • CSRF token validation
  • Authentication/Authorization flaws

📦 Deliverables