The Insecure Web App is an open source database driven J2EE web application released through the Open Web Application Security Project (OWASP) (https://www.owasp.org/index.php/Category:OWASP_Insecure_Web_App_Project). It contains a variety of vulnerabilities including SQL injection, XSS, Parameter tampering, and broken authorization and authentication, to name a few.
The purpose of this subproject is to conduct vulnerability assessment of the Insecure Web App.
Before starting, you need to install the insecure Web App
After launching the application (using a web browser), click on the link 'Instructions' to access the guidelines and application overview.
The 'Application Overview' section provides a brief description of the different use cases underlying the application and lists different challenge questions in terms of vulnerability assessment.
For this subproject, you are required to answer only one challenge, which is the following:
1. Challenge # 3: Forceful Browsing and Parameter Tampering