Slayer427/web-application-vulnerability-assessment

Web Application Vulnerability Assessment

📌 Overview

This project demonstrates practical web application security testing using the WebGoat training platform. The assessment focuses on identifying and exploiting common web vulnerabilities including SQL Injection (SQLi), Cross-Site Scripting (XSS) and Session Hijacking.

The vulnerabilities explored in this project align with several of the OWASP Top 10 web application security risks. The project simulates the real-world web application security testing scenarios used in penetration testing and vulnerability assessment.


🎯 Objectives

  • Understand common web application vulnerabilities
  • Perform SQL Injection attacks
  • Test reflected and stored XSS payloads
  • Analyze insecure session handling
  • Observe requests and responses using OWASP ZAP

🛠️ Tools Used

  • WebGoat
  • OWASP ZAP
  • Kali Linux
  • Browser Developer Tools
  • VirtualBox

🔧 Work Performed

  • Performed SQL Injection attacks using crafted payloads
  • Retrieved data from vulnerable database queries
  • Executed reflected and stored XSS payloads
  • Tested DOM-based XSS behavior
  • Observed cookie manipulation and session hijacking
  • Captured and analyzed HTTP requests using OWASP ZAP

📸 Screenshots

🛠️ SQL Injection Payload

This demonstrates a SQL Injection payload used to manipulate database queries and bypass input validation.

[Screenshot: SQL Injection Payload]


🔍 SQL Injection Result

This demonstrates successful retrieval of database information using SQL Injection techniques.

[Screenshot: SQL Injection Result]


⚠️ Reflected XSS Attack

This demonstrates execution of a reflected XSS payload that triggers a JavaScript alert in the browser.

[Screenshot: Reflected XSS Attack]


💾 Stored XSS Execution

This demonstrates a stored XSS payload executing within the application environment.

[Screenshot: Stored XSS Execution]


🔐 Session Hijacking / Cookie Manipulation

This demonstrates how insecure session handling and cookie manipulation can affect session security.

[Screenshot: Session Hijacking]


🕷️ OWASP ZAP Request Analysis

This demonstrates request capture and inspection using OWASP ZAP.

[Screenshot: OWASP ZAP]

[Screenshot: OWASP ZAP Analysis]


📊 Key Findings

  • SQL Injection can expose sensitive database information
  • XSS vulnerabilities allow execution of malicious scripts in user browsers
  • Insecure session handling increases risk of session hijacking
  • Improper input validation is a major security weakness
  • OWASP ZAP is effective for analyzing web requests and responses

🧠 Learning Outcomes

  • Learned practical web application testing techniques
  • Understood SQL Injection and XSS attack methodology
  • Gained experience using OWASP ZAP for request analysis
  • Learned how insecure session handling can be exploited
  • Improved understanding of OWASP Top 10 vulnerabilities

🛡️ Mitigation Techniques

  • Use parameterized queries / prepared statements
  • Validate and sanitize user input
  • Implement Content Security Policy (CSP)
  • Use HttpOnly and Secure cookie flags
  • Implement secure session management
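The first mitigation above, shown as an added example that is not part of this project or of WebGoat: the same login lookup written with string concatenation (the defect behind the SQL Injection finding) and with a parameterized query, run against a constructed in-memory SQLite table so the difference is visible. Table name, column names and sample users are assumptions.

```python
import sqlite3

# Constructed sample data standing in for the lesson database (hypothetical
# names and passwords, not taken from the project).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    # Defect on purpose: user input is pasted into the SQL text, so a quote
    # character in the input changes the structure of the query itself.
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username: str, password: str) -> list:
    # Hardened form: the query text is fixed and the driver binds the values,
    # so the input is only ever compared as data, never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def compare(username: str, password: str) -> dict:
    """Run both variants on the same input; return the rows each one matches."""
    conn = make_db()
    try:
        return {
            "vulnerable": login_vulnerable(conn, username, password),
            "parameterized": login_parameterized(conn, username, password),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # Valid credentials: both variants agree on the single matching row.
    print(compare("alice", "s3cret"))
    # Tautology in the password field, as in the SQLi lesson: only the
    # concatenated query matches every row; the parameterized one matches none.
    print(compare("anyone", "' OR '1'='1"))
```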

📄 Detailed Report

View Full Report


🔚 Conclusion

This project demonstrates foundational web application security testing skills and highlights the importance of secure coding, input validation and proper session management in modern web applications.


👨‍💻 Author

Harsh – Cybersecurity Enthusiast

About

Web application security testing using WebGoat, OWASP ZAP, SQL Injection, XSS, and Session Hijacking
