You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Michael Herzberg ee24685234 Updated submodules. 4 years ago
exercises DVGM: Using ZAP. 5 years ago
solutions@9490958483 Updated submodules. 4 years ago Initial commit. 5 years ago Added Ruby primer. 5 years ago

DVGM -- Usage and Security Analysis

Introduction / Prerequisites

This exercise sheet is meant to be followed on a recent GNU/Linux installation and makes use of the terminal. While all necessary commands are provided, a basic understanding if its usage is still required.

In the following, we will use the Damn Vulnerable Grade Management (DVGM) app as a training target. Before continuing, please familiarize yourself with the app and ensure that it is listening on http://$(hostname):3000, where $(hostname) is the host name of your machine as returned by the hostname command. This is important because some scanners have problems when scanning loopback addresses such as localhost and

If you need to fresh-up your Ruby knowledge, our small Ruby Primer might be a helpful companion.

Questions / Challenges

The folder exercises contains several exercises that illustrate both manual exploration of DVGM and the use of tools such as Brakeman, Arachni, and OWASP ZAP for finding various security vulnerabilities in DVGM.