Answers for the TryHackMe DAST module

The TryHackMe DAST Module is a subscriber only module available at: https://tryhackme.com/room/dastzap

Dynamic Application Security Test (DAST)

Question 1: Is DAST a replacement for SAST or SCA? (Yea/Nay)

Answer 1: Nay

Question 2: What is the process of mapping an application’s surface and parameters usually called?

Answer 2: Spidering/Crawling

Question 3: Does DAST check the code of an application for vulnerabilities? (Yea/Nay)

Answer 3: Nay

Spiders and Crawlers

Question 1: ZAP can run an AJAX spider by using browsers without a Graphical User Interface (GUI). What are those browsers called?

Answer 1: Headless

Question 2: Analysing the Sites tab, what HTTP parameters can be passed to login.php using the POST method? (in alphabetical order and separated by commas)

Answer 2: pass, user

Question 3: What other .php resource, besides nospiders-gallery.php, was found by the AJAX spider but not by the regular spider?

Answer 3: /view.php

Scanning for Vulnerabilities

Question 1: Will disabling some test categories help speed up the scanning phase? (Yea/Nay)

Answer 1: Yea

Question 2: There should be two high-risk alerts in your scan results. One is Path Traversal. What’s the name of the other one?

Answer 2: Cross Site Scripting (Reflected)

Authenticated Scans

Question 1: Which type of script was used to record the authentication process to our site in ZAP?

Answer 1: Zest script

Question 2: What additional high-risk vulnerability was found on the site after running the authenticated scan?

Answer 2: Remote OS Command injection

Checking APIs with ZAP

Question 1: What high-risk vulnerability was found on the /asciiart/generate endpoint?

Answer 1: Remote OS Command Injection

Question 2: Read the details of the Path Traversal vulnerability detected. Based solely on the information presented by the scanner, would you categorise this finding as a false positive? (Yea/Nay)

Answer 2: Yea

Integrating DAST into the development pipeline

Question 1: Download the ZAP report for the simple-webapp repository. How many medium-risk vulnerabilities were found?

Answer 1: 3

Question 2: Check the main branch of the simple-api repository on Jenkins. One of the builds failed during the Build the Docker image step. What is the number of the pre-existing failed build?

Answer 2: 4

Question 3: Download the ZAP report for the simple-api repository. What high-risk vulnerability was found?

Answer 3: Remote OS Command Injection
