L6 T5: Lesson Review & Project Assignment


[OPTIONAL] Project Assignment: Web Security Assessment with Google’s XSS Game

Because we don’t actually teach any JavaScript in this course, you do not have to complete this assignment. YOU WILL AT LEAST NEED TO SUBMIT A PDF for the assignment so that I can sign off on it.

I encourage everyone to at least watch this video of the solutions to the first two games so you can get a feel for XSS. https://www.youtube.com/watch?v=Rds4Iz3Gzfc

Objective:

Understand common web security vulnerabilities, specifically Cross-Site Scripting (XSS), and mitigation strategies by solving the challenges presented in Google’s XSS Game.

Resources Needed:

Your Role:

  1. Play the Game: Visit Google’s XSS Game website and work your way through each of the six levels of XSS challenges.
  2. Take Notes: While solving each level, take notes on the problem presented, your thought process, and the steps you took to solve the challenge.
  3. Research Mitigation Strategies: For each XSS vulnerability you exploited to win the game, research and understand how such vulnerabilities can be prevented in real-world applications.
  4. Prepare a Report: Write a report summarizing your experience, findings, and insights. This report should include:
    • A brief explanation of the XSS vulnerabilities found in each level.
    • A description of how you exploited these vulnerabilities to complete each level.
    • An explanation of how such vulnerabilities can be prevented or mitigated, with reference to real-world web security practices.

Submission:

Upload the completed report in DOC or PDF format below.
