This repository is focused on performing penetration testing on the AltoroJ application, identifying vulnerabilities, and applying mitigations to secure the application.
AltoroJ is a vulnerable web application that is often used for educational purposes in cybersecurity. This project aims to perform a comprehensive security assessment of AltoroJ and provide a detailed report along with the steps to mitigate identified vulnerabilities.
- Apache Tomcat 8 installed on your machine.
- Java Development Kit (JDK) installed on your machine.
- Burp Suite installed on your machine.
- Basic knowledge of penetration testing and common web application vulnerabilities.
- Clone the repository:

  ```shell
  git clone https://github.com/Youssef-Wahba/AltoroJ-pentesting.git
  cd altoroj-security
  ```

- Download and install Apache Tomcat 8.
- Deploy the AltoroJ application:
  - Copy the `altoroj.war` file into the `webapps` directory of your Tomcat installation.
  - Start the Tomcat server by running the `startup.bat` (Windows) or `startup.sh` (Unix) script located in the `bin` directory of your Tomcat installation.
- Access the AltoroJ application at http://localhost:8080/altoroj.
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Insecure Direct Object References (IDOR)
- Security Misconfigurations
- Sensitive Data Exposure
- Reconnaissance: Gather information about the application, such as URLs, parameters, and functionality.
- Scanning: Use Burp Suite to scan for vulnerabilities.
- Exploitation: Attempt to exploit identified vulnerabilities to understand their impact.
- Reporting: Document each vulnerability, its impact, and steps to reproduce it.
Refer to the `Security Report.pdf` file in this repository for detailed information on identified vulnerabilities and their mitigations.

The `Security Report.pdf` also contains detailed steps to mitigate each identified vulnerability. Implement the recommended changes in the codebase to secure the application.
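As an added illustration of the kind of codebase change the report calls for (a constructed example, not AltoroJ's own code; the `people` table and its column names are assumptions), a JDBC login check in its injectable form beside the parameterized fix:

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/** Constructed illustration; not a class from AltoroJ. Table and column names are assumed. */
public class LoginDao {

    // BEFORE: user-supplied values are concatenated into the SQL text, so the
    // login check is SQL-injectable (the pattern the report flags under "SQL Injection").
    public static boolean loginVulnerable(Connection db, String user, String pass)
            throws SQLException {
        String sql = "SELECT 1 FROM people WHERE user_id = '" + user
                   + "' AND password = '" + pass + "'";
        try (Statement st = db.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // AFTER: the SQL text is fixed and the values travel as bound parameters, so
    // quotes or keywords inside the input can never alter the query's structure.
    // (Passwords should additionally be compared as salted hashes rather than
    // plaintext; that change is left out here to keep the focus on the injection fix.)
    public static boolean loginHardened(Connection db, String user, String pass)
            throws SQLException {
        String sql = "SELECT 1 FROM people WHERE user_id = ? AND password = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }
}
```

Search the codebase for `createStatement()` calls whose query text is built with `+` on request parameters; each one is a candidate for the same rewrite.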