CSIS 486: CAPSTONE PROJECT ASSIGNMENT INSTRUCTIONS
OVERVIEW
This capstone is a continuation of CSIS 485. In the following phases of the capstone, you are to
pretend you have been hired by a client that has just developed an ecommerce web application,
called Hackazon, and has had no security help to this point. The application is full of
vulnerabilities; you are to explore the application and then perform security testing to find and
fix those vulnerabilities. This is a capstone course, so you will not be taught each step. A much-needed
skill in cybersecurity is the ability to figure things out on your own. You may soon be hired to
figure things out, so demonstrate that you have this skill set by spending time on the Internet and
working out the task at hand.
Note: The instructor may give you a new configuration file to use in your application, to keep
things fresh and prevent cheating with old reports by others. Also, this is both a group and an
individual-effort project; communication between students in the same group is permitted for this
project. However, the written assignments are individual effort, and the vulnerability findings and
evaluations should be different for each student. Remember, academic honesty is a hallmark of
Liberty, and any violations will be punished in accordance with the academic dishonesty policy.
Remember, we are training ethical hackers, so play within the rules.
INSTRUCTIONS
Download VirtualBox from Oracle.
Download Hackazon from GitHub.
Configure Hackazon to run in host-only mode, with a local IP address.
Explore Hackazon and attempt to find vulnerabilities manually, using the OWASP Top 10 list as a guide.
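The host-only step above is what keeps a deliberately vulnerable application from being reachable by anyone else on the lab or campus network while you test it. The following script is an added example, not part of the course materials or the Hackazon project: it prints the VBoxManage commands that put the VM's first network adapter on a host-only interface, and it provides a check that parses `VBoxManage showvminfo --machinereadable` output to confirm no adapter is in NAT or bridged mode. The VM name `Hackazon`, the adapter name `vboxnet0` and the 192.168.56.0/24 range are assumptions you should adjust to your own setup.

```shell
#!/bin/sh
# Added example (not from the course or Hackazon): isolate the vulnerable VM
# on a VirtualBox host-only network. VM name, adapter and IP range are assumed.
VM_NAME="${VM_NAME:-Hackazon}"
HOSTONLY_IF="${HOSTONLY_IF:-vboxnet0}"

# Print the VBoxManage commands that attach NIC 1 to the host-only adapter.
# These are standard VBoxManage sub-commands; run them while the VM is powered off.
hostonly_commands() {
    cat <<EOF
VBoxManage hostonlyif create
VBoxManage hostonlyif ipconfig $HOSTONLY_IF --ip 192.168.56.1 --netmask 255.255.255.0
VBoxManage modifyvm "$VM_NAME" --nic1 hostonly --hostonlyadapter1 $HOSTONLY_IF
EOF
}

# Verification: read the output of
#   VBoxManage showvminfo "$VM_NAME" --machinereadable
# on stdin and return 0 only if every adapter is host-only or disabled.
# Lines look like  nic1="hostonly"  nic2="none"  nic3="bridged"; any value
# other than hostonly/none (nat, bridged, intnet, ...) means the vulnerable
# app could be reached from outside the host, so the check fails.
check_isolated() {
    ! grep -E '^nic[0-9]+=' | grep -qvE '^nic[0-9]+="(hostonly|none)"$'
}

# Constructed sample of showvminfo output, used here for an offline self-check.
SAMPLE='nic1="hostonly"
nic2="none"'
if printf '%s\n' "$SAMPLE" | check_isolated; then
    echo "sample VM is isolated: all adapters host-only or disabled"
fi
```

In practice you would run `hostonly_commands` to see (or pipe to `sh` to apply) the configuration, then confirm it with `VBoxManage showvminfo "$VM_NAME" --machinereadable | check_isolated` before starting the scans in later phases; include that output among your configuration screenshots.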
Capstone Project Phase: Initial Dynamic Security Scan Assignment
Perform a dynamic security scan of the Hackazon application using the free Burp scanner.
Launch the Burp security scanner against the Hackazon site.
Upload: A single report that contains the following sections:
1. Evidence of configuration: screenshots of Burp.
2. The detailed vulnerability report. Ensure you include evidence of a vulnerability scan of both the public (non-authenticated) and back-end (authenticated) portions of the site.
3. At least 200 words describing how you would ethically disclose this information to the company that hired you, what precautions you would take, and what you would and would not do with that sensitive information. Support this paragraph with a biblical citation in APA format that demonstrates the application of a biblical worldview to the cybersecurity and ethical hacking field. The submission should be at least 3 pages of content and not more than 10. Be sure to add a title page that includes your name, the title, the course name, the school, and the date.
Capstone Project Phase: Initial Static Security Scan Assignment
Launch the RIPS (GitHub) security scanner against the Hackazon code.
Upload: A single report with the following sections:
1. Evidence of installation and configuration: screenshots of RIPS.
2. The detailed vulnerability report, with all vulnerable code blocks expanded.
Page 1 of 3