The Insecure Web App is an open source database driven J2EE web application released through the Open Web Application Security Project (OWASP) (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project). It contains a variety of vulnerabilities including SQL injection, XSS, Parameter tampering, and broken authorization and authentication, to name a few.

The purpose of this subproject is to conduct vulnerability assessment of the Insecure Web App.

Before starting, you need to install the insecure Web App. The instructions to install the app on Kali are given in the appendix below.

After launching the application (using a web browser), click on the link Instructions to access the guidelines and application overview.

The Application Overview section provides a brief description of the different use cases underlying the application and lists different challenge questions in terms of vulnerability assessment.

For this subproject, you are required to answer only one challenge, which is the following:

Challenge # 3: Forceful Browsing and Parameter Tampering