{"id":69555,"date":"2021-11-02T01:41:46","date_gmt":"2021-11-02T01:41:46","guid":{"rendered":"https:\/\/papersspot.com\/blog\/2021\/11\/02\/webgoat-exercises\/"},"modified":"2021-11-02T01:41:46","modified_gmt":"2021-11-02T01:41:46","slug":"webgoat-exercises","status":"publish","type":"post","link":"https:\/\/papersspot.com\/blog\/2021\/11\/02\/webgoat-exercises\/","title":{"rendered":"WebGoat exercises"},"content":{"rendered":"<p>Since the WebGoat lesson on deserialization is fairly limited, you are to also solve a number of the challenges on the https:\/\/portswigger.net\/web-security Web Academy site. These are great challenges (not just the deserialization ones but all of them). You should look around that site at what is there, but for this assignment, you will specifically solve some on the Insecure deserialization page, https:\/\/portswigger.net\/web-security\/deserializati&#8230;. Most of these use PHP because it is easier to work with, but they should be very doable even if you don\u2019t have any experience with PHP. Once you read that page, you should go to the labs link on that page, namely https:\/\/portswigger.net\/web-security\/deserializati&#8230;. You are to solve the first 5 labs (up to and including the one on \u201cExploiting Java deserialization with Apache Commons\u201d). Then, you should try to solve the \u201cDeveloping a custom gadget chain for Java deserialization\u201d lab, which is quite a bit more challenging. However, you have the solutions all given there, so these should all be doable. You need to create an account on PortSwigger first, and of course, you are welcome to solve any of the other challenges as well! When done, go to the \u201cAll Labs\u201d page (https:\/\/portswigger.net\/web-security\/all-labs) and take a screenshot showing the challenges you solved and call it MyDeserialization.png. 
Also, go to the bottom of the \u201cHall of Fame\u201d page, https:\/\/portswigger.net\/web-security\/hall-of-fame, and take a screenshot of the number of challenges you solved showing your name. Call this MyHallOfFame.png.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since the WebGoat lesson on deserialization is fairly limited, you are to also solve a number of the challenges on the https:\/\/portswigger.net\/web-security Web Academy site. These are great challenges (not just the deserialization ones but all of them). You should look around that site at what is there, but for this assignment, you will specifically solve some on the Insecure deserialization page, https:\/\/portswigger.net\/web-security\/deserializati&#8230;. Most [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[10],"class_list":["post-69555","post","type-post","status-publish","format-standard","hentry","category-research-paper-writing","tag-writing"],"_links":{"self":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts\/69555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/comments?post=69555"}],"version-history":[{"count":0,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/posts\/69555\/revisions"}],"wp:attachment":[{"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/media?parent=69555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/papersspot.com\/blog\/wp-json\/wp\/v2\/categories?post=69555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/paperssp
ot.com\/blog\/wp-json\/wp\/v2\/tags?post=69555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}