Internship: Future Interns - Cyber Security
Track Code: CS
Task Number: 01
Trainee Name: Dhanush G
Date: December 23-24, 2025
Repository: https://github.com/DHANUSHGCODE/FUTURE_CS_01
This repository contains comprehensive documentation and evidence of web application security testing conducted on vulnerable applications as part of the Future Interns Cyber Security Internship program. The project demonstrates practical application of penetration testing methodologies, vulnerability identification, and security assessment techniques.
Objective: Perform basic web application security testing on vulnerable applications to identify and document common security vulnerabilities including SQL Injection (SQLi), Cross-Site Scripting (XSS), Security Misconfigurations, and Authentication weaknesses.
| # | Vulnerability | Risk Level | Status | Details |
|---|---|---|---|---|
| 1 | SQL Injection | 🔴 HIGH | Confirmed | Database query manipulation |
| 2 | Cross-Site Scripting (XSS) | 🟡 MEDIUM | Confirmed | Malicious script injection |
| 3 | Security Misconfiguration | 🟡 MEDIUM | Confirmed | Missing HTTP security headers |
| 4 | Weak Authentication | 🔴 HIGH | Confirmed | Default credentials, no MFA |
| 5 | Information Disclosure | 🟡 MEDIUM | Confirmed | Sensitive data exposure |
Total Vulnerabilities: 5 issues identified and documented (2 High, 3 Medium severity).
- Kali Linux - Penetration testing operating system
- OWASP ZAP - Automated vulnerability scanning and web application security testing
- Burp Suite Community - Manual web application testing and analysis
- SQLMap - SQL injection testing and exploitation
- DVWA - Damn Vulnerable Web Application (intentionally vulnerable test environment)
- Docker - Application containerization and deployment
- Apache2 - Web server
- MariaDB - Database management system
- VMware Workstation - Virtual machine environment
```
FUTURE_CS_01/
│
├── README.md                        # This file - Project overview
├── TASK_01_REPORT.md                # Comprehensive security testing report
├── LICENSE                          # MIT License
│
└── wed vernumbality testing/        # Security testing evidence
    ├── Screenshot_2025-12-23_*.png  # DVWA testing screenshots
    ├── Screenshot_2025-12-24_*.png  # Additional testing evidence
    └── ... (14 total screenshots)
```
Damn Vulnerable Web Application (DVWA) is an intentionally vulnerable PHP/MySQL web application designed for security testing practice.
- URL: http://localhost/DVWA/
- Framework: PHP 7+
- Database: MariaDB
- Purpose: Educational platform for learning web security vulnerabilities
- Status: Deliberately vulnerable for authorized testing only
The security assessment followed a systematic 4-phase approach:
Phase 1: Reconnaissance
- Application reconnaissance
- Technology stack identification
- Functionality mapping
- Input point enumeration
Phase 2: Automated Scanning
- OWASP ZAP automated vulnerability scanning
- Comprehensive coverage analysis
- Vulnerability categorization
- Report generation
Phase 3: Manual Verification and Exploitation
- Verification of automated findings (automated scanners produce false positives, so every alert was re-tested by hand)
- Manual exploitation attempts
- Proof of concept development
- Impact assessment
- Severity rating (CVSS)
Phase 4: Reporting
- Detailed documentation
- Remediation recommendations
- Executive summary preparation
SQL Injection (Risk Level: HIGH)
Description: User-supplied input is concatenated into SQL queries without parameterization, so an attacker can change the structure of the query the database executes
Impact: Unauthorized database access, data theft, system compromise
Mitigation: Use prepared statements with parameterized queries; validate input type and format as a second layer
Reference: OWASP SQL Injection
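The finding above, shown as code. This is an added example and not code from the repository or from DVWA: it runs the same kind of `User ID` lookup that DVWA's SQL injection exercise exposes, once with string concatenation and once with a parameterized query, against an in-memory SQLite table of constructed rows (the table and column names are assumptions for this example, not DVWA's real schema; SQLite stands in for MariaDB so the example runs offline).

```python
import sqlite3

# Constructed sample rows standing in for DVWA's users table. The column names are an
# assumption for this example and are not taken from the DVWA schema.
SAMPLE_USERS = [
    (1, "admin", "Admin", "Istrator"),
    (2, "gordonb", "Gordon", "Brown"),
    (3, "1337", "Hack", "Me"),
]

# Classic payloads of the kind submitted to DVWA's "User ID" parameter.
PAYLOAD_TAUTOLOGY = "1' OR '1'='1"                                # returns every row
PAYLOAD_UNION = "x' UNION SELECT user, user_id FROM users -- "  # pulls other columns into the result


def build_db():
    """In-memory SQLite database seeded with the constructed rows (offline stand-in for MariaDB)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, user TEXT, first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_id):
    """The injectable pattern: untrusted input is spliced into the SQL text, so a quote
    character in the input closes the string literal and the remainder is parsed as SQL."""
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, user_id):
    """The fix: a parameterized query. The statement is compiled with a placeholder and the
    value is bound separately, so quote characters in the value are data, never syntax."""
    return conn.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_id,)
    ).fetchall()


def lookup_safe_int(conn, user_id):
    """Second layer for a numeric id: reject anything that is not an integer before it
    reaches the database at all."""
    try:
        uid = int(str(user_id).strip())
    except ValueError:
        return []
    return lookup_safe(conn, uid)


if __name__ == "__main__":
    db = build_db()
    print("normal   :", lookup_vulnerable(db, "1"))
    print("tautology:", lookup_vulnerable(db, PAYLOAD_TAUTOLOGY))  # all three rows leak
    print("union    :", lookup_vulnerable(db, PAYLOAD_UNION))      # usernames and ids leak
    print("safe     :", lookup_safe(db, PAYLOAD_TAUTOLOGY))        # [] - payload treated as a literal
```

The parameterized version is the primary control; the integer check is defence in depth and also gives the application a clean place to log and reject obviously malformed ids.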
Weak Authentication (Risk Level: HIGH)
Description: Default credentials accepted, no account lockout after repeated failures, no password policy enforced
Impact: Unauthorized access, account takeover by credential guessing or brute force
Mitigation: Strong password enforcement with a breached-password blocklist, MFA, account lockout or rate limiting, slow salted password hashing
Reference: OWASP Authentication Cheat Sheet
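The mitigations above, worked through as a small login module. This is an added example, not code from the repository or from DVWA; the thresholds (12-character minimum, 5 attempts, 15-minute lockout), the tiny blocklist and the `Authenticator` class are assumptions chosen for illustration. The clock is injectable so the lockout expiry can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass

MIN_PASSWORD_LEN = 12          # assumed policy values for this example
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
PBKDF2_ITERATIONS = 600_000    # OWASP's current recommendation for PBKDF2-HMAC-SHA256
# Constructed mini blocklist; a real deployment checks against a breached-password corpus.
BLOCKLIST = {"password", "password123", "admin", "letmein", "qwerty", "welcome1"}


def password_policy_violations(password):
    """Return a list of reasons the password is unacceptable (empty list means it passes)."""
    problems = []
    if len(password) < MIN_PASSWORD_LEN:
        problems.append(f"shorter than {MIN_PASSWORD_LEN} characters")
    if password.lower() in BLOCKLIST:
        problems.append("appears in the blocklist")
    return problems


def hash_password(password, salt=None):
    """Salted, deliberately slow hash; stores nothing recoverable if the table leaks."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0


class Authenticator:
    def __init__(self, clock=time.monotonic):
        self.clock = clock          # injectable so tests can advance time
        self.accounts = {}
        # Dummy credential hashed for unknown usernames so that response time does not
        # reveal whether an account exists (a common enumeration weakness).
        self._dummy = Account(*hash_password(os.urandom(16).hex()))

    def register(self, username, password):
        problems = password_policy_violations(password)
        if problems:
            raise ValueError("; ".join(problems))
        salt, digest = hash_password(password)
        self.accounts[username] = Account(salt, digest)

    def login(self, username, password):
        """Returns 'ok', 'denied' or 'locked'. The lock is checked before any hashing
        so a locked account costs the server nothing per guess."""
        now = self.clock()
        acct = self.accounts.get(username)
        if acct is None:
            hash_password(password, self._dummy.salt)   # equalize timing for unknown users
            return "denied"
        if now < acct.locked_until:
            return "locked"
        _, digest = hash_password(password, acct.salt)
        if hmac.compare_digest(digest, acct.digest):     # constant-time comparison
            acct.failed_attempts = 0
            return "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
            acct.failed_attempts = 0
            acct.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "denied"


if __name__ == "__main__":
    auth = Authenticator()
    print(password_policy_violations("password"))                  # rejected: short and blocklisted
    auth.register("admin", "correct horse battery staple")
    for _ in range(MAX_FAILED_ATTEMPTS):
        print(auth.login("admin", "password"))                     # denied x4, then locked
    print(auth.login("admin", "correct horse battery staple"))     # locked, even with the right password
```

Lockout is a trade-off: it stops online guessing but lets an attacker lock out a known username, which is why rate limiting per source, CAPTCHA after a few failures, or MFA are usually layered on top.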
Cross-Site Scripting (Risk Level: MEDIUM)
Description: User input is reflected or stored in pages without output encoding, so attacker-supplied JavaScript executes in other users' browsers
Impact: Session hijacking, credential theft, malware distribution
Mitigation: Input validation, context-aware output encoding, Content Security Policy, HttpOnly session cookies
Reference: OWASP XSS Prevention
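The XSS mitigation above, together with the Security Misconfiguration (missing HTTP security headers) and Information Disclosure findings from the summary table, worked as code. This is an added example and not code from the repository or from DVWA: it renders a reflected parameter with and without output encoding, audits a response header set against a baseline, and checks the session cookie flags that decide whether injected script can steal the session. The `SAMPLE_HEADERS` response is constructed to resemble a default Apache/PHP install and was not captured from the test environment; the baseline header values are a reasonable starting point, not a mandated set.

```python
import html
from http.cookies import SimpleCookie

XSS_PAYLOAD = "<script>alert(document.cookie)</script>"


def render_vulnerable(name):
    """DVWA-style reflection: the parameter is written into the page verbatim."""
    return f"<pre>Hello {name}</pre>"


def render_safe(name):
    """Output encoding for an HTML text/attribute context; the browser shows the
    payload as text instead of executing it."""
    return f"<pre>Hello {html.escape(name, quote=True)}</pre>"


# Baseline response headers (values are illustrative; tune the CSP to the application).
REQUIRED_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'; "
                               "base-uri 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Referrer-Policy": "no-referrer",
}
# X-XSS-Protection is no longer honoured by current browsers; its presence signals outdated guidance.
DEPRECATED_HEADERS = {"X-XSS-Protection"}
# Headers that reveal server software and versions (the Information Disclosure finding).
LEAKING_HEADERS = {"Server", "X-Powered-By"}


def audit_response_headers(headers):
    """Case-insensitive audit of a response header dict."""
    present = {k.lower() for k in headers}
    return {
        "missing": [h for h in REQUIRED_HEADERS if h.lower() not in present],
        "deprecated": [h for h in DEPRECATED_HEADERS if h.lower() in present],
        "leaking": sorted(h for h in LEAKING_HEADERS if h.lower() in present),
    }


def session_cookie_issues(set_cookie_value, cookie_name="PHPSESSID"):
    """Flags a session cookie readable by injected script (no HttpOnly), sendable over
    plain HTTP (no Secure) or attachable to cross-site requests (no SameSite)."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    morsel = jar.get(cookie_name)
    if morsel is None:
        return [f"{cookie_name} not set"]
    issues = []
    if not morsel["httponly"]:
        issues.append("missing HttpOnly")
    if not morsel["secure"]:
        issues.append("missing Secure")
    if not morsel["samesite"]:
        issues.append("missing SameSite")
    return issues


# Constructed response resembling an out-of-the-box Apache/PHP deployment (not a real capture).
SAMPLE_HEADERS = {
    "Server": "Apache/2.4 (Debian)",
    "X-Powered-By": "PHP/8.2",
    "Set-Cookie": "PHPSESSID=abc123; path=/",
    "Content-Type": "text/html; charset=UTF-8",
}

# The same response after remediation.
HARDENED_HEADERS = {
    **REQUIRED_HEADERS,
    "Set-Cookie": "PHPSESSID=abc123; path=/; HttpOnly; Secure; SameSite=Lax",
    "Content-Type": "text/html; charset=UTF-8",
}

if __name__ == "__main__":
    print(render_vulnerable(XSS_PAYLOAD))   # script tag reaches the browser intact
    print(render_safe(XSS_PAYLOAD))         # &lt;script&gt;... rendered as text
    print(audit_response_headers(SAMPLE_HEADERS))
    print(session_cookie_issues(SAMPLE_HEADERS["Set-Cookie"]))
```

Encoding must match the output context: `html.escape` covers HTML text and quoted attributes, but a value placed inside a `<script>` block, a URL or a CSS property needs that context's own encoding, which is the point of the OWASP XSS Prevention cheat sheet referenced above.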
Detailed screenshots and test results are available in the wed vernumbality testing/ folder:
- 14 comprehensive screenshots documenting the testing process
- Evidence of vulnerability confirmation
- Tool output and scan reports
- Proof of concept demonstrations
1. Patch SQL Injection vulnerabilities immediately
   - Implement prepared statements with parameterized queries
   - Enable input validation middleware as a second layer
2. Implement authentication security measures
   - Remove default credentials
   - Enforce strong password policies
   - Implement account lockout or rate limiting
   - Enable multi-factor authentication
3. Fix XSS vulnerabilities
   - Implement context-aware output encoding
   - Deploy Content Security Policy (CSP)
   - Set HttpOnly and Secure flags on session cookies; rely on CSP rather than the legacy X-XSS-Protection header, which current browsers no longer honour
4. Harden the deployment
   - Deploy Web Application Firewall (WAF) as a compensating control, not a replacement for code fixes
   - Implement security logging and monitoring
- Implement security logging and monitoring
- Conduct developer security training
- Establish secure development lifecycle (SDLC)
- Implement automated security testing in CI/CD pipeline
- Conduct regular penetration testing
- Establish bug bounty program
- Achieve OWASP Top 10 compliance
- OWASP Top 10 - Most critical web application risks
- OWASP Testing Guide - Comprehensive testing methodology
- CWE Top 25 - Most dangerous software weaknesses
- CVSS Calculator - Vulnerability severity rating
- OWASP ZAP - Free security scanning tool
- Burp Suite - Web application security testing
- SQLMap - SQL injection testing tool
- DVWA - Vulnerable application for learning
- OWASP Cheat Sheets - Quick reference guides
- Kali Linux - Penetration testing platform
- TASK_01_REPORT.md - Comprehensive 388-line security testing report including:
  - Detailed methodology and procedures
  - Complete vulnerability analysis
  - Proof of concept for each vulnerability
  - Mitigation strategies
  - Learning outcomes and conclusions
- wed vernumbality testing/ - 14 screenshots documenting:
  - DVWA setup and configuration
  - OWASP ZAP scanning process
  - Vulnerability verification
  - Tool usage and output
Through this internship task, the following competencies were developed:
✅ Web Application Security Concepts
- OWASP Top 10 vulnerabilities
- SQL Injection attack vectors and prevention
- XSS exploitation and mitigation
- Authentication and authorization flaws
✅ Security Testing Tools
- OWASP ZAP automated scanning
- Burp Suite manual testing
- SQLMap exploitation techniques
- Vulnerability assessment workflows
✅ Professional Skills
- Technical security reporting
- Risk assessment and prioritization
- Remediation planning
- Communication of findings
This project successfully demonstrates:
- Practical application of web security testing methodologies
- Identification and documentation of real vulnerabilities
- Professional reporting and recommendations
- Understanding of security best practices
- Hands-on experience with industry-standard security tools
The testing confirmed, in a deliberately vulnerable target, the same classes of vulnerability that are still common in production systems. Remediation at the code level (parameterized queries, output encoding, hardened authentication) combined with secure development practices is essential to prevent unauthorized access and data compromise.
Trainee: Dhanush G
Internship: Future Interns - Cyber Security
Track: CS - 01
Email: [Your Email]
LinkedIn: [Your LinkedIn Profile]
GitHub: https://github.com/DHANUSHGCODE
This project is licensed under the MIT License - see the LICENSE file for details.
This documentation and all testing was conducted on intentionally vulnerable applications in a controlled environment for educational purposes. All activities were authorized and conducted in compliance with ethical hacking standards. Unauthorized access to computer systems is illegal.