Initial commit.
This commit is contained in:
parent
8084f808bf
commit
0d60d287d4
|
|
@ -0,0 +1,24 @@
|
|||
# DVGM -- Usage and Security Analysis
|
||||
|
||||
## Introduction / Prerequisites
|
||||
|
||||
This exercise sheet is meant to be followed on a recent GNU/Linux installation
|
||||
and makes use of the terminal. While all necessary commands are provided, a
|
||||
basic understanding if its usage is still required.
|
||||
|
||||
In the following, we will use the Damn Vulnerable Grade Management (DVGM) app as
|
||||
a training target. Before continuing, please familiarize yourself with the app
|
||||
and ensure that it is listening on `http://$(hostname):3000`, where
|
||||
`$(hostname)` is the host name of your machine as returned by the `hostname`
|
||||
command. This is important because some scanners have problems when scanning
|
||||
loopback addresses such as `localhost` and `127.0.0.1`.
|
||||
|
||||
If you need to fresh-up your Ruby knowledge, our small [Ruby Primer](ruby-primer.md)
|
||||
might be a helpful companion.
|
||||
|
||||
## Questions / Challenges
|
||||
|
||||
The folder [exercises](exercises/) contains several exercises that illustrate both manual
|
||||
exploration of DVGM and the use of tools such as [Brakeman](https://brakemanscanner.org/),
|
||||
[Arachni](http://www.arachni-scanner.com/), and [OWASP ZAP](https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project)
|
||||
for finding various security vulnerabilities in DVGM.
|
||||
Loading…
Reference in New Issue