Lab Five
Executive Summary A security test is a method of evaluating the security of a computer system or network by methodically validating and verifying the effectiveness of application security controls. A web application security test focuses only on evaluating the security of a web application. The process involves an active analysis of the application for any weaknesses, technical flaws, or vulnerabilities. Any security issues that are found will be presented to the system owner, together with an assessment of the impact, a proposal for mitigation or a technical solution (Open Web Application Security Project [OWASP], 2014a). Vulnerability is a flaw or weakness in a system's design, implementation, operation or management that could be exploited to compromise the system's security objectives. A threat is anything such as a malicious external attacker, an internal user, or a system instability that can harm the owner’s assets by an application or resource of value, such as data in a database or in the file system by exploiting vulnerabilities. A test is an action to demonstrate that an application meets the security requirements of its stakeholders (OWASP, 2014a).

Test to Be Performed
The first phase in security assessment is focused on collecting as much information as possible about a target application. Information Gathering is the most critical step of an application security test. The security test should endeavor to test as much of the code base as possible. Thus mapping all possible paths through the code to facilitate thorough testing is paramount (OWASP, 2012b). This task can be carried out in many different ways such as by using public tools or search engines, scanners, sending simple HTTP requests, or specially crafted requests. It is possible to force an application to leak information by disclosing error messages or revealing the