You are required to solve one of the network security
lessons provided in the
WebGoat project.
You will need to download and install WebGoat. It's written in Java and there
are installation tools for Linux, Mac OS X, and Windows.
You must provide a clear statement of the problem and explain why it
is a significant security issue.
You must provide a complete solution to the problem. Also discuss any
limitations of the WebGoat lesson (Is the lesson realistic? Is it sufficient
to provide you with a good understanding of the problem and its solution
and/or prevention? Etc.)
As an alternative to solving an existing WebGoat lesson, you could create
a new WebGoat lesson.
All projects will be graded on the same basis, and all projects will be
ranked against all other projects.
For this project, you may (and should) work with a partner. You may instead
choose to work alone, but you will be graded on the same basis as the team projects, so
it is to your advantage to find a capable partner. In rare cases, I might approve
teams of more than 2 students, but larger teams will be held to a higher
standard.
Instructor approval of your selected topic, via email, is required.
The topics are first come, first served. For your email, use subject line
"CS265 WebGoat Topic". You must email your project topic to me by
Monday, February 16.
If I have any issues or concerns regarding your selected topic, I will inform
you promptly. If you select a topic and find that it is too difficult, it is
possible to change to a different topic. However, this will cost you a significant
amount of time, so it is to your advantage to spend some effort to initially
select a good topic.
You must write a report carefully describing and analyzing your work.
There is no minimum or maximum length for this paper, but quality is
more important than quantity; your paper must be concise and to the point.
Your grade for this project will largely be determined by the content and
substance of your paper. While this is not an English class, poor grammar,
usage, organization, etc., will definitely not help your cause
and may detract significantly from your grade. Any software that you write
that is relevant to your report must be submitted with your report.
The project is due Friday, March 20.
Submit a softcopy of your report (as a PDF) and any additional material
via email in a zip file named:
Lastname1_Lastname2.zip.
The "subject" line of the email must read "CS265 WebGoat Project".
I may submit your paper to www.turnitin.com,
an online plagiarism detection tool. If I determine that you have committed
plagiarism, you will fail the course and an academic dishonesty report will be filed.
The official SJSU position on academic dishonesty (including plagiarism) can be found at
http://www2.sjsu.edu/senate/s98-1.htm.
It is essential that you start on this project as soon as possible.