Within your course repository, create a directory "final". Commit and push to your remote repository.
    cd <path_to_repo>
    mkdir final
    touch final/screencast_url.txt
    git add final
    git commit -m "initial commit for final"
    git push
Choose one of the topics below from PortSwigger's Web Security Academy site and solve a sequence of levels within it.
After completing your levels, you will then create a narrated screencast no longer than 15 minutes in length that walks through the levels that you solved. Included in your screencast should be descriptions of each level, a code walkthrough of the vulnerability in the level, a walkthrough of its exploitation, a walkthrough of the program used to perform the exploit, and a description of potential remediations.
To ensure you are the one completing the screencast, your screencast MUST initially include a video of you narrating the walkthrough. It is recommended for you to record your screencast as a recorded screen share on Zoom. Note that, when logged into Zoom, recordings are automatically captured and uploaded to PSU's Media Space and can be accessed after a short time by visiting "My Media" within Media Space.
Alternatively, you may also record your screencast using the software on Media Space (e.g. Kaltura Capture) or from tools such as QuickTime or Open Broadcaster. You will then upload your screencast via PSU's Media Space by visiting the site and clicking on "My Media".
After selecting and uploading the video, you will then bring the video up on Media Space, select the "Publish" tab, click on "Unlisted", and then "Save".
Finally, you will update the file final/screencast_url.txt in your repository to contain the URL at which your unlisted screencast on Media Space is located. After doing so, commit and push it to your course repository. In addition, any source files you used as part of your project should also be included in the directory and will contribute to your grade.
We will be using your screencast and code in your git repository to evaluate your project.
Video of yourself within screencast
Difficulty of level(s) solved
Thoroughness of vulnerability descriptions in level(s) solved
Demonstration and walkthrough of exploitation including how the input you provide leverages the vulnerability
Programmatic solution of level(s) and walkthrough of solution code
Description of prevention/remediation for each level
Instructions followed with scripts in the directory named