The solution for this assessment cannot be found directly using a ‘Google’ search. You must understand that this is a challenge and that you need to apply your knowledge and problem-solving skills to a series of cyber security concepts. Also, make sure you don’t share your progress or solutions with others.
A guide has been provided as part of the resources for this assessment. It is important to understand that the assessment has been designed for everyone to pass. Achieving a higher grade will require a concerted effort on your part.
The learning objectives of this assessment task are to:
ULO1 Describe approaches to computer security including access control, identity verification and authentication in order to minimize the cyber attacks on a system.
ULO4 Apply the appropriate use of tools to facilitate network security to prevent various types of computer and network attacks, and malicious software that exists.
Welcome to Deakin Wargames, an interactive assessment of your knowledge and understanding of vulnerabilities relating to computer security, internet security and privacy.
This challenge requires you to work through ten levels, each of which contains a vulnerability. In order to progress to the next level, you must exploit this vulnerability to obtain a password which will grant you access to the next level.
Marks are allocated based on your ability to progress through each level as well as your understanding of the vulnerability and the recommendations you make on how to fix the issue. That is, you are expected to fully understand how you completed each level; this will be assessed through the problem solving task report.
Problem solving task report
Each student is to submit a report of approximately 2000 words and exhibits following the rubric provided. The report MUST include descriptions and evidence of results of the steps performed in order to be eligible to be awarded maximum marks for each rubric criterion.
You will note that the weighting is higher for levels 0-3 to enable everyone to pass. The levels then become more complex, enabling you to decide what grade you want to achieve.
You are required to identify vulnerabilities and perform associated attacks to ultimately gain access to level 10 of the website. There are 5 vulnerabilities listed below covered by the 10 levels.
The name of the vulnerability that corresponds to each level is provided for you!
- Information Leakage
- Directory Traversal
- Weak Encryption
- Cookie Manipulation
- SQL Injection
The following table provides guidelines on the information to be included for each vulnerability.
There needs to be 1 table completed per level.
War Game Level
Copy and Paste the URL here corresponding to the level.
Description of Vulnerability
Describe the weakness or flaw of the War game level.
This is the main section of your report; what you were able to ascertain/discover as a result of testing. You should recreate the steps taken to exploit the vulnerability in question.
Be sure to include a screenshot showing the level of the ‘War Game’ the vulnerability relates to. No more than 2 screenshots per vulnerability, and make sure to provide a description for the screenshots.
Focus on demonstrating your understanding of the vulnerability and importantly, your understanding of the exploit you used.
Level Credentials – here you list the credentials to be used to gain access to the ‘War Game’ level(s) relating to the vulnerability.
Level 0 Password:
What is the threat? What can an attacker do through exploiting this vulnerability? If nothing, could they use this as an entry point to pivot and perform further attacks?
What are your recommendation(s) to mitigate this issue?