Merge

2026-05-31 13:35:20 +01:00
parent 89b17901a9 5059041ec7
commit a17feb0e1b
8 changed files with 121 additions and 94 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 *.log
 *.aux
+*.synctex.gz
--- a/relatorio/relatorio.aux
+++ b/relatorio/relatorio.aux
@@ -11,25 +11,26 @@
 \@writefile{toc}{\contentsline {subsection}{\numberline {2.1}Network structure}{3}{subsection.2.1}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {2.2}Servers}{3}{subsection.2.2}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {2.3}Services}{3}{subsection.2.3}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {3}Web application security testing}{3}{section.3}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Information Gathering}{3}{subsection.3.1}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {3}Web application security testing}{4}{section.3}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.1}Information Gathering}{4}{subsection.3.1}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.2}Configuration and Deployment Management Testing}{4}{subsection.3.2}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Identity Management Testing}{4}{subsection.3.3}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Authentication Testing}{6}{subsection.3.4}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}Authorization Testing}{6}{subsection.3.5}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Identity Management Testing}{5}{subsection.3.3}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Authentication Testing}{7}{subsection.3.4}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.5}Authorization Testing}{7}{subsection.3.5}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Session Management Testing}{7}{subsection.3.6}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Input Validation Testing}{7}{subsection.3.7}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsubsection}{\numberline {3.7.1}Testing for SQL Injection}{8}{subsubsection.3.7.1}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Testing for Error Handling}{8}{subsection.3.8}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.9}Client Side Testing}{8}{subsection.3.9}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {4}Web Application Security Firewall}{9}{section.4}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Information Gathering}{9}{subsection.4.1}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{9}{subsection.4.2}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{9}{subsection.4.3}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.4}Authentication Testing}{9}{subsection.4.4}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.5}Authorization Testing}{9}{subsection.4.5}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Session Management Testing}{9}{subsection.4.6}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{9}{subsection.4.7}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{9}{subsection.4.8}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.9}Client Side Testing}{9}{subsection.4.9}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusions}{9}{section.5}\protected@file@percent }
-\gdef \@abspage@last{9}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.9}Client Side Testing}{9}{subsection.3.9}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {4}Web Application Security Firewall}{10}{section.4}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Information Gathering}{10}{subsection.4.1}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{10}{subsection.4.2}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{10}{subsection.4.3}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.4}Authentication Testing}{10}{subsection.4.4}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.5}Authorization Testing}{10}{subsection.4.5}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Session Management Testing}{10}{subsection.4.6}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{10}{subsection.4.7}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{10}{subsection.4.8}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.9}Client Side Testing}{10}{subsection.4.9}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusions}{10}{section.5}\protected@file@percent }
+\gdef \@abspage@last{10}
--- a/relatorio/relatorio.log
+++ b/relatorio/relatorio.log
@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.141592653-2.6-1.40.29 (MiKTeX 26.2) (preloaded format=pdflatex 2026.5.30)  31 MAY 2026 13:10
+This is pdfTeX, Version 3.141592653-2.6-1.40.29 (MiKTeX 26.2) (preloaded format=pdflatex 2026.5.30)  31 MAY 2026 13:33
 entering extended mode
 restricted \write18 enabled.
 %&-line parsing enabled.
@@ -1270,13 +1270,9 @@ LaTeX Font Info:    Font shape `T1/Raleway-OsF/b/n' will be

 [2]
 LaTeX Font Info:    Font shape `T1/Raleway-OsF/m/it' will be
-(Font)              scaled to size 10.95pt on input line 26.
-LaTeX Font Info:    Font shape `T1/Raleway-OsF/bold/n' aliased to
-(Font)              `T1/Raleway-OsF/b/n' on input line 40.
-LaTeX Font Info:    Font shape `T1/Raleway-OsF/b/n' will be
-(Font)              scaled to size 12.0pt on input line 40.
+(Font)              scaled to size 10.95pt on input line 28.
 LaTeX Font Info:    Trying to load font information for TS1+Raleway-OsF on inpu
-t line 43.
+t line 48.

 (C:\Users\lcorp\AppData\Local\Programs\MiKTeX\tex/latex/raleway\ts1raleway-osf.
 fd
@@ -1284,35 +1280,41 @@ File: TS1Raleway-OsF.fd 2025/04/09 (autoinst) Font definitions for TS1/Raleway-
 OsF.
 )
 LaTeX Font Info:    Font shape `TS1/Raleway-OsF/m/n' will be
-(Font)              scaled to size 10.95pt on input line 43.
+(Font)              scaled to size 10.95pt on input line 48.
+LaTeX Font Info:    Font shape `T1/Raleway-OsF/bold/n' aliased to
+(Font)              `T1/Raleway-OsF/b/n' on input line 54.
+LaTeX Font Info:    Font shape `T1/Raleway-OsF/b/n' will be
+(Font)              scaled to size 12.0pt on input line 54.
+ [3{C:/Users/lcorp/AppData/Local/Programs/MiKTeX/fonts/enc/dvips/raleway/a_2drk
+ug.enc}]
 \g__tcobox_out_iow=\write6
 \openout6 = `relatorio.listing'.

 LaTeX Font Info:    Font shape `T1/cmtt/bx/n' in size <10.95> not available
-(Font)              Font shape `T1/cmtt/m/n' tried instead on input line 72.
+(Font)              Font shape `T1/cmtt/m/n' tried instead on input line 89.
 LaTeX Font Info:    Font shape `T1/cmtt/bx/n' in size <9> not available
-(Font)              Font shape `T1/cmtt/m/n' tried instead on input line 72.
+(Font)              Font shape `T1/cmtt/m/n' tried instead on input line 89.
 (relatorio.listing
 LaTeX Font Info:    Font shape `T1/Raleway-OsF/m/n' will be
 (Font)              scaled to size 9.0pt on input line 1.
-) [3{C:/Users/lcorp/AppData/Local/Programs/MiKTeX/fonts/enc/dvips/raleway/a_2dr
-kug.enc}] [4]
+) [4]
 \openout6 = `relatorio.listing'.

 (relatorio.listing)
-<./imgs/email-unique.png, id=202, 475.7775pt x 361.35pt>
+<./imgs/email-unique.png, id=205, 475.7775pt x 361.35pt>
 File: ./imgs/email-unique.png Graphic file (type png)
 <use ./imgs/email-unique.png>
-Package pdftex.def Info: ./imgs/email-unique.png  used on input line 130.
+Package pdftex.def Info: ./imgs/email-unique.png  used on input line 148.
 (pdftex.def)             Requested size: 226.48395pt x 172.01245pt.
- [5 <./imgs/email-unique.png (PNG copy)>]
-<./imgs/email-invalido.png, id=223, 504.88625pt x 541.02126pt>
+ [5]
+<./imgs/email-invalido.png, id=228, 504.88625pt x 541.02126pt>
 File: ./imgs/email-invalido.png Graphic file (type png)
 <use ./imgs/email-invalido.png>
-Package pdftex.def Info: ./imgs/email-invalido.png  used on input line 141.
+Package pdftex.def Info: ./imgs/email-invalido.png  used on input line 159.
 (pdftex.def)             Requested size: 226.48395pt x 242.69781pt.
- [6 <./imgs/email-invalido.png (PNG copy)>]
-Overfull \hbox (6.24345pt too wide) in paragraph at lines 167--168
+ [6 <./imgs/email-unique.png (PNG copy)> <./imgs/email-invalido.png (PNG copy)>
+]
+Overfull \hbox (6.24345pt too wide) in paragraph at lines 185--186
 []\T1/Raleway-OsF/b/n/10.95 Tentativa com Script Di-reto: \T1/Raleway-OsF/m/n/1
 0.95 In-se-ri-mos o pay-load tra-di-ci-o-nal \T1/cmtt/m/n/10.95 <script>alert("
 someones
@@ -1320,44 +1322,43 @@ someones

 \openout6 = `relatorio.listing'.

-(relatorio.listing)
+(relatorio.listing) [7]
 \openout6 = `relatorio.listing'.

- (relatorio.listing) [7]
-<./imgs/stack-trace.png, id=253, 643.90562pt x 378.91562pt>
+ (relatorio.listing)
+<./imgs/stack-trace.png, id=245, 643.90562pt x 378.91562pt>
 File: ./imgs/stack-trace.png Graphic file (type png)
 <use ./imgs/stack-trace.png>
-Package pdftex.def Info: ./imgs/stack-trace.png  used on input line 213.
+Package pdftex.def Info: ./imgs/stack-trace.png  used on input line 235.
 (pdftex.def)             Requested size: 452.9679pt x 266.56314pt.
- [8 <./imgs/stack-trace.png>]
+ [8]
 \openout6 = `relatorio.listing'.

-
-(relatorio.listing) [9] (relatorio.aux)
+ (relatorio.listing) [9 <./imgs/stack-trace.png>] [10] (relatorio.aux)
 ***********
 LaTeX2e <2025-11-01>
 L3 programming layer <2026-03-20>
 ***********
 Package rerunfilecheck Info: File `relatorio.out' has not changed.
-(rerunfilecheck)             Checksum: 5C0D8761B50FECB6447C0D628A4DD50C;4695.
+(rerunfilecheck)             Checksum: 71F23F30E8D22A202B518A954FE83332;4897.
 ) 
 Here is how much of TeX's memory you used:
- 31703 strings out of 467691
- 636789 string characters out of 5414987
- 1211034 words of memory out of 5000000
- 60104 multiletter control sequences out of 15000+600000
+ 31700 strings out of 467691
+ 636648 string characters out of 5414987
+ 1246039 words of memory out of 5000000
+ 60099 multiletter control sequences out of 15000+600000
 791342 words of font info for 89 fonts, out of 8000000 for 9000
 1141 hyphenation exceptions out of 8191
- 113i,8n,122p,483b,1803s stack positions out of 10000i,1000n,20000p,200000b,200000s
+ 113i,8n,122p,699b,1803s stack positions out of 10000i,1000n,20000p,200000b,200000s
 <C:\Users\lcorp\AppData\Local\MiKTeX\fonts/pk/ljfour/jknappen/ec/dpi600\ectt
-1095.pk> <C:\Users\lcorp\AppData\Local\MiKTeX\fonts/pk/ljfour/jknappen/ec/dpi60
-0\ectt0900.pk><C:/Users/lcorp/AppData/Local/Programs/MiKTeX/fonts/type1/impalla
+0900.pk> <C:\Users\lcorp\AppData\Local\MiKTeX\fonts/pk/ljfour/jknappen/ec/dpi60
+0\ectt1095.pk><C:/Users/lcorp/AppData/Local/Programs/MiKTeX/fonts/type1/impalla
 ri/raleway/Raleway-Bold.pfb><C:/Users/lcorp/AppData/Local/Programs/MiKTeX/fonts
 /type1/impallari/raleway/Raleway-Italic.pfb><C:/Users/lcorp/AppData/Local/Progr
 ams/MiKTeX/fonts/type1/impallari/raleway/Raleway-Regular.pfb>
-Output written on relatorio.pdf (9 pages, 260502 bytes).
+Output written on relatorio.pdf (10 pages, 263252 bytes).
 PDF statistics:
- 451 PDF objects out of 1000 (max. 8388607)
- 96 named destinations out of 1000 (max. 500000)
- 380 words of extra memory for PDF output out of 10000 (max. 10000000)
+ 461 PDF objects out of 1000 (max. 8388607)
+ 98 named destinations out of 1000 (max. 500000)
+ 388 words of extra memory for PDF output out of 10000 (max. 10000000)

--- a/relatorio/relatorio.out
+++ b/relatorio/relatorio.out
@@ -11,16 +11,17 @@
 \BOOKMARK [2][-]{subsection.3.5}{\376\377\000A\000u\000t\000h\000o\000r\000i\000z\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.3}% 11
 \BOOKMARK [2][-]{subsection.3.6}{\376\377\000S\000e\000s\000s\000i\000o\000n\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.3}% 12
 \BOOKMARK [2][-]{subsection.3.7}{\376\377\000I\000n\000p\000u\000t\000\040\000V\000a\000l\000i\000d\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.3}% 13
-\BOOKMARK [2][-]{subsection.3.8}{\376\377\000T\000e\000s\000t\000i\000n\000g\000\040\000f\000o\000r\000\040\000E\000r\000r\000o\000r\000\040\000H\000a\000n\000d\000l\000i\000n\000g}{section.3}% 14
-\BOOKMARK [2][-]{subsection.3.9}{\376\377\000C\000l\000i\000e\000n\000t\000\040\000S\000i\000d\000e\000\040\000T\000e\000s\000t\000i\000n\000g}{section.3}% 15
-\BOOKMARK [1][-]{section.4}{\376\377\000W\000e\000b\000\040\000A\000p\000p\000l\000i\000c\000a\000t\000i\000o\000n\000\040\000S\000e\000c\000u\000r\000i\000t\000y\000\040\000F\000i\000r\000e\000w\000a\000l\000l}{}% 16
-\BOOKMARK [2][-]{subsection.4.1}{\376\377\000I\000n\000f\000o\000r\000m\000a\000t\000i\000o\000n\000\040\000G\000a\000t\000h\000e\000r\000i\000n\000g}{section.4}% 17
-\BOOKMARK [2][-]{subsection.4.2}{\376\377\000C\000o\000n\000f\000i\000g\000u\000r\000a\000t\000i\000o\000n\000\040\000a\000n\000d\000\040\000D\000e\000p\000l\000o\000y\000m\000e\000n\000t\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 18
-\BOOKMARK [2][-]{subsection.4.3}{\376\377\000I\000d\000e\000n\000t\000i\000t\000y\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 19
-\BOOKMARK [2][-]{subsection.4.4}{\376\377\000A\000u\000t\000h\000e\000n\000t\000i\000c\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 20
-\BOOKMARK [2][-]{subsection.4.5}{\376\377\000A\000u\000t\000h\000o\000r\000i\000z\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 21
-\BOOKMARK [2][-]{subsection.4.6}{\376\377\000S\000e\000s\000s\000i\000o\000n\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 22
-\BOOKMARK [2][-]{subsection.4.7}{\376\377\000I\000n\000p\000u\000t\000\040\000V\000a\000l\000i\000d\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 23
-\BOOKMARK [2][-]{subsection.4.8}{\376\377\000T\000e\000s\000t\000i\000n\000g\000\040\000f\000o\000r\000\040\000E\000r\000r\000o\000r\000\040\000H\000a\000n\000d\000l\000i\000n\000g}{section.4}% 24
-\BOOKMARK [2][-]{subsection.4.9}{\376\377\000C\000l\000i\000e\000n\000t\000\040\000S\000i\000d\000e\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 25
-\BOOKMARK [1][-]{section.5}{\376\377\000C\000o\000n\000c\000l\000u\000s\000i\000o\000n\000s}{}% 26
+\BOOKMARK [3][-]{subsubsection.3.7.1}{\376\377\000T\000e\000s\000t\000i\000n\000g\000\040\000f\000o\000r\000\040\000S\000Q\000L\000\040\000I\000n\000j\000e\000c\000t\000i\000o\000n}{subsection.3.7}% 14
+\BOOKMARK [2][-]{subsection.3.8}{\376\377\000T\000e\000s\000t\000i\000n\000g\000\040\000f\000o\000r\000\040\000E\000r\000r\000o\000r\000\040\000H\000a\000n\000d\000l\000i\000n\000g}{section.3}% 15
+\BOOKMARK [2][-]{subsection.3.9}{\376\377\000C\000l\000i\000e\000n\000t\000\040\000S\000i\000d\000e\000\040\000T\000e\000s\000t\000i\000n\000g}{section.3}% 16
+\BOOKMARK [1][-]{section.4}{\376\377\000W\000e\000b\000\040\000A\000p\000p\000l\000i\000c\000a\000t\000i\000o\000n\000\040\000S\000e\000c\000u\000r\000i\000t\000y\000\040\000F\000i\000r\000e\000w\000a\000l\000l}{}% 17
+\BOOKMARK [2][-]{subsection.4.1}{\376\377\000I\000n\000f\000o\000r\000m\000a\000t\000i\000o\000n\000\040\000G\000a\000t\000h\000e\000r\000i\000n\000g}{section.4}% 18
+\BOOKMARK [2][-]{subsection.4.2}{\376\377\000C\000o\000n\000f\000i\000g\000u\000r\000a\000t\000i\000o\000n\000\040\000a\000n\000d\000\040\000D\000e\000p\000l\000o\000y\000m\000e\000n\000t\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 19
+\BOOKMARK [2][-]{subsection.4.3}{\376\377\000I\000d\000e\000n\000t\000i\000t\000y\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 20
+\BOOKMARK [2][-]{subsection.4.4}{\376\377\000A\000u\000t\000h\000e\000n\000t\000i\000c\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 21
+\BOOKMARK [2][-]{subsection.4.5}{\376\377\000A\000u\000t\000h\000o\000r\000i\000z\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 22
+\BOOKMARK [2][-]{subsection.4.6}{\376\377\000S\000e\000s\000s\000i\000o\000n\000\040\000M\000a\000n\000a\000g\000e\000m\000e\000n\000t\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 23
+\BOOKMARK [2][-]{subsection.4.7}{\376\377\000I\000n\000p\000u\000t\000\040\000V\000a\000l\000i\000d\000a\000t\000i\000o\000n\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 24
+\BOOKMARK [2][-]{subsection.4.8}{\376\377\000T\000e\000s\000t\000i\000n\000g\000\040\000f\000o\000r\000\040\000E\000r\000r\000o\000r\000\040\000H\000a\000n\000d\000l\000i\000n\000g}{section.4}% 25
+\BOOKMARK [2][-]{subsection.4.9}{\376\377\000C\000l\000i\000e\000n\000t\000\040\000S\000i\000d\000e\000\040\000T\000e\000s\000t\000i\000n\000g}{section.4}% 26
+\BOOKMARK [1][-]{section.5}{\376\377\000C\000o\000n\000c\000l\000u\000s\000i\000o\000n\000s}{}% 27
--- a/relatorio/relatorio.pdf
+++ b/relatorio/relatorio.pdf
--- a/relatorio/relatorio.synctex.gz
+++ b/relatorio/relatorio.synctex.gz
--- a/relatorio/relatorio.tex
+++ b/relatorio/relatorio.tex
@@ -22,9 +22,14 @@

 \section{Introduction}

+% FAZER EM ENGLISH???  O prof é BR temos que fazer em Brazileiro
+
 Este trabalho tem como objetivo realizar testes de penetração numa aplicação
 cobaia (o \textit{Juicebox}) desenhada para aprendizagem. 

+Este trabalho tem como objetivo utilizar o \textbf{WSTG} (Web security testing guide) e configurar um ModSecurity reverse proxy como uma \textbf{WAF}.
+Para esse fim temos uma aplicação cobaia (o \textit{Juicebox}) desenhada para aprendizagem que vamos utilizar num ambiente controlado para aprender como descobrir vulnerabilidades (aplicando o \textbf{WSTG} e recorrendo ao \textbf{OWASP ZAP}) e prevenir antes do serviço estar online (elaborando uma \textbf{WAF}).
+
 \section{Architecture Considered for Both Stages}

 Utilizámos somente duas máquinas virtuais: um servidor a correr \textit{CentOS 9}
@@ -32,21 +37,31 @@ e um cliente a correr \textit{Kali Linux}. O servidor contém o serviço \textit
 que age como \textit{firewall} através do módulo \textit{ModSecurity}, e um servidor
 \textit{Node.js} que aloja o \textit{Juicebox} --- a aplicação que vai servir de cobaia (\textit{dummy}).

-Vão ser realizadas duas etapas de testes: primeiro, sem WAF (\textit{Web Application Firewall})
-e com foco em explorar vulnerabilidades na aplicação; e, posteriormente, com uma WAF configurada para 
-mitigar as várias vulnerabilidades que foram encontradas na etapa anterior.
+% Vão ser realizadas duas etapas de testes: primeiro, sem WAF (\textit{Web Application Firewall})
+% e com foco em explorar vulnerabilidades na aplicação; e, posteriormente, com uma WAF configurada para 
+% mitigar as várias vulnerabilidades que foram encontradas na etapa anterior.
+
+% Para simular utilizámos \textit{Virtual Box}, como nos outros projetos, para criar as maquinas virtuais. O cenario que foi criado tem duas máquinas virtuais (servidor e cliente), e ambas as maquinas estão ligadas há mesma rede interna. O servidor vai ser executado numa das maquinas e vai ter o sistema operativo \textit{CentOS 9}, edereço 20.60.0.1, alojar um servidor \textit{Node.js} com o \textit{Juicebox} (a aplicação cobaia) na port 3000 e contém o seviço \textit{Apache} que através do módulo \textit{ModSecurity} funcionará como \textbf{WAF}. O cliente vai ser processado na maquina com o sistema operativo \textit{Kali Linux} e vai ter o edereço 20.60.0.2.
+
+Com o ambiente criado foram realizadas duas etapas de testes:
+\begin{itemize}
+	\item \texttt{Primeira etapa}: Explorar vulnerabilidades na aplicação que existem sem a \textbf{WAF}
+	\item \texttt{Segunda etapa}:Verificar que vulnerabilidades foram mitigadas da primeira etapa com o uso de uma \textbf{WAF} configurada.
+\end{itemize}
+Realisticamente estas etapas podiam continuar a repetir-se, até que estivessemos satisfeitos com o resultado, mas para o fim deste projeto estas etapas serão suficientes.


 \subsection{Network structure}

 \begin{itemize}
-  \item \textbf{Client (20.60.0.0/24)} – Cliente.
-  \item \textbf{Server (10.60.0.0/24)} – Apache+ModSecurity e JuiceShop.
+  \item \textbf{Client (20.60.0.0/24)} Cliente.
+  \item \textbf{Server (10.60.0.0/24)} Apache+ModSecurity e JuiceShop.
 \end{itemize}

+
 \subsection{Servers}
 \begin{itemize}
-  \item \textbf{10.60.0.1} – Servidor CentOS 9 com WAF e aplicação JuiceShop.
+  \item \textbf{10.60.0.1} Servidor CentOS 9 com WAF e aplicação JuiceShop.
 \end{itemize}

 \subsection{Services}
@@ -65,6 +80,8 @@ mitigar as várias vulnerabilidades que foram encontradas na etapa anterior.

 Utilizámos a política por omissão (\textit{default policy}) para a realização do \textit{Active Scan} através do OWASP ZAP. Com esta abordagem, obtivemos múltiplos alertas automáticos. De forma a priorizar a análise, investigamos as alertas principais com base no maior nível de risco e grau de confiança reportados pela ferramenta.

+Para conseguir informação inicial realizamos um \textit{Active Scan} através do \textit{OWASP ZAP}, o policy utilizado para esse scan foi \textit{Default Policy}. Foi obtido vários aletas automáticos devido a esse scan e decidimos investigar as alertas principais com base no nível de risco e grau de confiança reportado pela ferramenta.
+
 Adicionalmente, realizámos testes de infraestrutura  utilizando ferramentas especializadas:

 \begin{codeblock}{bash}
@@ -81,6 +98,7 @@ Paralelamente, realizámos uma descoberta de ficheiros e diretórios através de
    \item \texttt{/api-docs}: Documentação e esquemas estruturais da API.
 \end{itemize}

+
 \subsection{Configuration and Deployment Management Testing}

 \subsubsection*{Enumerate Infrastructure and Application Admin Interfaces}
@@ -172,6 +190,7 @@ Durante a auditoria à barra de pesquisa de produtos, validámos a existência d
    O filtro falhou ao inspecionar este atributo e o navegador executou o código JavaScript com sucesso quando a imagem falhou o carregamento.
 \end{enumerate}

+\subsubsection{Testing for SQL Injection}
 Adicionalmente, explorámos o mesmo parâmetro de pesquisa recorrendo ao \textit{sqlmap} para validar falhas de injeção SQL, conseguindo extrair com sucesso a estrutura de 22 tabelas da base de dados:

 \begin{codeblock}{bash}
@@ -204,6 +223,9 @@ sqlmap -u "http://10.60.0.1:3000/rest/products/search?q=apple" -p q --dbms=sqlit
 +-----------------------+
 \end{codeblock}

+
+Apesar de não ter sido detetado pelo active scan foi feito fuzzing nos detalhes de login para saber se estava vulneravel a esse tipo de ataques visto que existia essa vulnerabilidade noutros paremetros. Verificamos que de facto também estava vulneravel a SQL Injection, e que a resposta era a tabela com o
+
 \subsection{Testing for Error Handling}

 Ao tentar forçar o acesso a uma página ou ficheiro inexistente no servidor de ficheiros, como por exemplo na rota \texttt{/ftp/teste}, a aplicação falhou ao tratar a exceção de forma segura. Em vez de apresentar uma página de erro genérica (404), o servidor devolveu uma resposta detalhada expondo o \textit{stack trace} completo do ambiente \textit{Express.js}, revelando caminhos internos do sistema de ficheiros do servidor.
--- a/relatorio/relatorio.toc
+++ b/relatorio/relatorio.toc
@@ -4,24 +4,25 @@
 \contentsline {subsection}{\numberline {2.1}Network structure}{3}{subsection.2.1}%
 \contentsline {subsection}{\numberline {2.2}Servers}{3}{subsection.2.2}%
 \contentsline {subsection}{\numberline {2.3}Services}{3}{subsection.2.3}%
-\contentsline {section}{\numberline {3}Web application security testing}{3}{section.3}%
-\contentsline {subsection}{\numberline {3.1}Information Gathering}{3}{subsection.3.1}%
+\contentsline {section}{\numberline {3}Web application security testing}{4}{section.3}%
+\contentsline {subsection}{\numberline {3.1}Information Gathering}{4}{subsection.3.1}%
 \contentsline {subsection}{\numberline {3.2}Configuration and Deployment Management Testing}{4}{subsection.3.2}%
-\contentsline {subsection}{\numberline {3.3}Identity Management Testing}{4}{subsection.3.3}%
-\contentsline {subsection}{\numberline {3.4}Authentication Testing}{6}{subsection.3.4}%
-\contentsline {subsection}{\numberline {3.5}Authorization Testing}{6}{subsection.3.5}%
+\contentsline {subsection}{\numberline {3.3}Identity Management Testing}{5}{subsection.3.3}%
+\contentsline {subsection}{\numberline {3.4}Authentication Testing}{7}{subsection.3.4}%
+\contentsline {subsection}{\numberline {3.5}Authorization Testing}{7}{subsection.3.5}%
 \contentsline {subsection}{\numberline {3.6}Session Management Testing}{7}{subsection.3.6}%
 \contentsline {subsection}{\numberline {3.7}Input Validation Testing}{7}{subsection.3.7}%
+\contentsline {subsubsection}{\numberline {3.7.1}Testing for SQL Injection}{8}{subsubsection.3.7.1}%
 \contentsline {subsection}{\numberline {3.8}Testing for Error Handling}{8}{subsection.3.8}%
-\contentsline {subsection}{\numberline {3.9}Client Side Testing}{8}{subsection.3.9}%
-\contentsline {section}{\numberline {4}Web Application Security Firewall}{9}{section.4}%
-\contentsline {subsection}{\numberline {4.1}Information Gathering}{9}{subsection.4.1}%
-\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{9}{subsection.4.2}%
-\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{9}{subsection.4.3}%
-\contentsline {subsection}{\numberline {4.4}Authentication Testing}{9}{subsection.4.4}%
-\contentsline {subsection}{\numberline {4.5}Authorization Testing}{9}{subsection.4.5}%
-\contentsline {subsection}{\numberline {4.6}Session Management Testing}{9}{subsection.4.6}%
-\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{9}{subsection.4.7}%
-\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{9}{subsection.4.8}%
-\contentsline {subsection}{\numberline {4.9}Client Side Testing}{9}{subsection.4.9}%
-\contentsline {section}{\numberline {5}Conclusions}{9}{section.5}%
+\contentsline {subsection}{\numberline {3.9}Client Side Testing}{9}{subsection.3.9}%
+\contentsline {section}{\numberline {4}Web Application Security Firewall}{10}{section.4}%
+\contentsline {subsection}{\numberline {4.1}Information Gathering}{10}{subsection.4.1}%
+\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{10}{subsection.4.2}%
+\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{10}{subsection.4.3}%
+\contentsline {subsection}{\numberline {4.4}Authentication Testing}{10}{subsection.4.4}%
+\contentsline {subsection}{\numberline {4.5}Authorization Testing}{10}{subsection.4.5}%
+\contentsline {subsection}{\numberline {4.6}Session Management Testing}{10}{subsection.4.6}%
+\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{10}{subsection.4.7}%
+\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{10}{subsection.4.8}%
+\contentsline {subsection}{\numberline {4.9}Client Side Testing}{10}{subsection.4.9}%
+\contentsline {section}{\numberline {5}Conclusions}{10}{section.5}%