History

Michael Herzberg fda6aecb58 Updated solutions.		2019-02-22 14:02:01 +00:00
..
exercises	DVGM: Using ZAP.	2018-08-29 07:16:09 +01:00
solutions@d42f9dbe28	Updated solutions.	2019-02-22 14:02:01 +00:00
README.md	Initial commit.	2018-08-30 00:01:34 +01:00
ruby-primer.md	Added Ruby primer.	2018-08-26 09:31:15 +01:00

README.md

DVGM -- Usage and Security Analysis

Introduction / Prerequisites

This exercise sheet is meant to be followed on a recent GNU/Linux installation and makes use of the terminal. While all necessary commands are provided, a basic understanding if its usage is still required.

In the following, we will use the Damn Vulnerable Grade Management (DVGM) app as a training target. Before continuing, please familiarize yourself with the app and ensure that it is listening on http://$(hostname):3000, where $(hostname) is the host name of your machine as returned by the hostname command. This is important because some scanners have problems when scanning loopback addresses such as localhost and 127.0.0.1.

If you need to fresh-up your Ruby knowledge, our small Ruby Primer might be a helpful companion.

Questions / Challenges

The folder exercises contains several exercises that illustrate both manual exploration of DVGM and the use of tools such as Brakeman, Arachni, and OWASP ZAP for finding various security vulnerabilities in DVGM.