nodezeroat
diff --git a/‎Curriculum/Module 04 - Web Security/assignments/Module_04_Assignment_1.md‎
Lines changed: 163 additions & 47 deletions b/‎Curriculum/Module 04 - Web Security/assignments/Module_04_Assignment_1.md‎
Lines changed: 163 additions & 47 deletions
@@ -1,16 +1,18 @@
-# Assignment: Completing and Analyzing PortSwigger Web Security Labs
+# Assignment: Comprehensive Web Security Lab Challenge
 
 ## Objective
 
-The purpose of this assignment is to hone your hands-on skills in web security by engaging with real-world simulations. You will complete two labs from each category at PortSwigger's Web Security Academy and draft comprehensive write-ups detailing your findings, approaches, and solutions.
+The purpose of this assignment is to hone your hands-on skills in web security by engaging with real-world simulations. You will complete a series of labs from PortSwigger's Web Security Academy across multiple difficulty levels and categories, and draft comprehensive write-ups detailing your findings, approaches, and solutions. This assignment simulates real-world penetration testing scenarios and prepares you for professional security assessments.
 
 ## Instructions
 
 ### 1. **Selection of Labs:**
 
 - Visit [PortSwigger's Web Security Academy](https://portswigger.net/web-security/all-labs).
-- From the list of categories, select at least two labs ("PRACTITIONER" or higher) from five categories that you find intriguing or challenging. (10 Labs total)
-- Begin each lab by thoroughly reading the provided instructions and understanding the objectives.
+- Complete **10 total labs** with the following requirements:
+  - At least **10 PRACTITIONER level** (or higher)
+- You must complete labs from **at least 5 different categories**.
+- Begin each lab by thoroughly reading the provided instructions and understanding the objectives
 
 ### 2. **Lab Completion:**
 
@@ -20,27 +22,59 @@ The purpose of this assignment is to hone your hands-on skills in web security b
 
 ### 3. **Write-up Compilation:**
 
-- For each lab you've completed, create a detailed write-up.
-  - **Introduction:** Briefly describe the lab and its main objectives.
-  - **Approach:** Detail the steps and methods you used to exploit the vulnerabilities.
-  - **Challenges Faced:** Discuss any hurdles or difficulties you encountered and how you overcame them.
-  - **Conclusion:** Summarize the key learnings from the lab and any additional insights you gained.
-- Ensure each write-up is clear, organized, and demonstrates your understanding of the lab's content.
+For each lab you've completed, create a detailed write-up with the following structure:
+
+**Required Sections:**
+
+- **Introduction:** Briefly describe the lab, its difficulty level, category, and main objectives
+- **Vulnerability Analysis:** Explain what vulnerability exists and why it's exploitable
+- **Approach:** Detail the step-by-step process you used to exploit the vulnerability
+- **Challenges Faced:** Discuss any hurdles or difficulties you encountered and how you overcame them
+- **Impact Assessment:** What could an attacker achieve with this vulnerability in a real-world scenario?
+- **Remediation:** How should this vulnerability be fixed? Provide specific recommendations
+- **Conclusion:** Summarize the key learnings from the lab and any additional insights you gained
+
+**Additional Requirements:**
+
+- Include screenshots showing successful exploitation (flag capture or solved confirmation)
+- Document the exact payloads or requests you used
+- Reference relevant OWASP categories where applicable
+- Ensure each write-up is clear, organized, and demonstrates your understanding of the lab's content
 
 ### 4. **Submission:**
 
 - Combine all your write-ups into a single, well-organized document.
-- Your document should have a table of contents, indicating the category and title of each lab.
-- Like any professional report, ensure your document has a cover page with your name, date, and a title that encapsulates the nature of the assignment.
+- Your document should include:
+  - **Cover page** with your name, date, and assignment title
+  - **Table of contents** with page numbers, organized by category or difficulty
+  - **Executive summary** (1 page): Brief overview of labs completed, key skills demonstrated, and overall learning outcomes
+  - **Lab write-ups** (main section): All 10 labs with complete documentation as specified above
+  - **Reflection** (1-2 pages): Overall lessons learned, which challenges were most valuable, and areas for further study
+  - **Appendix**: Complete list of labs with URLs and difficulty levels
+- Organize labs by category or difficulty level (your choice)
+- Expected length: 15-30 pages (quality over quantity)
+
+## Submission Requirements
 
-## Submission Guidelines
+### Deliverables
 
-1. **Lab Write-up Document:**
-   - Submit your consolidated lab write-ups as a PDF document on Google Drive.
-   - Ensure your name, date, and the title of the assignment are included on the cover page.
-   - Ensure your file is named according to the naming convention.
+1. **Comprehensive Lab Report (PDF)**:
+   - Professional formatting with cover page and table of contents
+   - All sections as outlined above
+   - Screenshots embedded inline with explanations
+   - Code blocks and payloads properly formatted
+   - File naming: `Module04_Assignment1_[YourName].pdf`
 
-### Evaluation Criteria
+### Format Requirements
+
+- **Document**: PDF format, professional appearance
+- **Code**: Syntax highlighted, properly formatted
+- **Screenshots**: Clear, annotated with explanations
+- **Submission**: Upload to Google Drive per course guidelines
+
+---
+
+## Evaluation Criteria
 
 1. **Lab Completion:**
 
@@ -58,45 +92,127 @@ The purpose of this assignment is to hone your hands-on skills in web security b
    - Variety and difficulty of the labs chosen.
    - Thoroughness in exploring and documenting each lab.
 
-By undertaking this assignment, you will not only improve your practical skills in web security but also your ability to document and communicate complex processes, which is invaluable in the cybersecurity field.
-
-## Bonus Points Task: Advanced Lab Completion
+## Bonus Points Task: Advanced EXPERT Lab Completion
 
 ### Objective
 
-Earn bonus points by challenging yourself with more advanced labs. This task will demonstrate your ability to tackle higher complexity problems and deepen your practical understanding of web security.
+Earn bonus points by challenging yourself with advanced EXPERT-level labs. This task will demonstrate your ability to tackle higher complexity problems and deepen your practical understanding of web security.
+
+### Requirements (up to 10 additional points)
+
+Complete **5 additional EXPERT-level labs** from PortSwigger Web Security Academy:
+
+- All 5 labs must be rated **EXPERT** difficulty
+- Labs should be from **at least 3 different categories**
+- Provide the same detailed write-ups as the main assignment
+- Include additional analysis of the advanced techniques required
+
+### Bonus Submission Guidelines
+
+- Include these EXPERT lab write-ups in your report as a separate section titled **"Bonus: EXPERT Lab Challenges"**
+- Follow the same write-up format as your main labs
+- Clearly indicate the difficulty level and category for each bonus lab
+- In your write-ups, specifically address:
+  - What made this lab more complex than PRACTITIONER level?
+  - What advanced techniques or tools were required?
+  - How does this lab represent real-world attack scenarios?
+
+### Bonus Evaluation Criteria
+
+- **Lab Completion** (5 points): Successfully completed 5 EXPERT labs from 3+ categories
+- **Write-up Quality** (3 points): Clear documentation of advanced techniques and complexity
+- **Advanced Understanding** (2 points): Deep technical insight and professional analysis
+
+## Tips for Success
+
+### Strategy
+
+1. **Start with easier labs**: Build confidence with APPRENTICE/PRACTITIONER before attempting EXPERT
+2. **Progress gradually**: Move to higher difficulty as you gain skills
+3. **Document immediately**: Take screenshots and notes as you solve each lab
+4. **Understand, don't memorize**: Focus on understanding the vulnerability, not just solving the lab
+5. **Use hints wisely**: PortSwigger provides hints; use them after genuine effort
+
+### Technical Approach
+
+1. **Read carefully**: Lab descriptions contain important clues
+2. **Use Burp Suite**: Essential for intercepting and modifying requests
+3. **Analyze responses**: Server responses often reveal vulnerabilities
+4. **Try variations**: If one payload doesn't work, modify it
+5. **Consult documentation**: PortSwigger provides excellent learning materials
+
+### Common Pitfalls to Avoid
+
+- ❌ Copying solutions without understanding
+- ❌ Skipping documentation until the end
+- ❌ Only doing easy labs
+- ❌ Not taking screenshots of successful exploitation
+- ❌ Generic remediation recommendations without specifics
+
+---
+
+## Academic Integrity
+
+### Allowed Resources
+
+- ✅ PortSwigger Web Security Academy materials and hints
+- ✅ Module 04 lecture notes and slides
+- ✅ OWASP documentation and cheat sheets
+- ✅ Official tool documentation (Burp Suite, etc.)
+- ✅ Your own notes from lectures and previous assignments
+
+### Not Allowed
+
+- ❌ Copying writeups from other students
+- ❌ Sharing solutions or flags with classmates
+- ❌ Submitting AI-generated content without understanding
+- ❌ Plagiarizing online writeups (learning from them is okay, copying is not)
+
+**This is individual work. You must complete labs yourself and write your own analysis.**
+
+### Citation Requirements
+
+- Cite any resources used for learning (tutorials, documentation)
+- If you consulted a hint or partial solution, acknowledge it
+- Document all tools used
+
+**Violations of academic integrity will result in a zero for the assignment and potential further consequences.**
+
+---
+
+## Important Notes
+
+1. **Start Early**: This assignment requires significant time and effort
+2. **Quality Over Quantity**: Thorough documentation of 10 labs beats superficial coverage of 15
+3. **Learn, Don't Just Complete**: The goal is mastery, not just collecting flags
+4. **Bonus is Optional**: EXPERT labs are challenging; attempt them only after mastering PRACTITIONER level
+5. **Ask Questions**: Use class hours if stuck (but don't ask for solutions)
+6. **Professional Standards**: Write as if this is a real penetration testing report
+
+---
 
-### Instructions
+## Resources
 
-1. **Advanced Lab Selection:**
-   - Return to [PortSwigger's Web Security Academy](https://portswigger.net/web-security/all-labs).
-   - From each category, select at least one additional lab with the difficulty rating of "PRACTITIONER" or higher.
+**Essential:**
 
-2. **Lab Completion:**
-   - Successfully complete the chosen advanced labs.
-   - Pay particular attention to the complexity and the advanced techniques required for these labs.
+- **PortSwigger Web Security Academy**: <https://portswigger.net/web-security>
+- **OWASP Top 10**: <https://owasp.org/www-project-top-ten/>
+- **OWASP API Security Top 10**: <https://owasp.org/www-project-api-security/>
+- **OWASP Cheat Sheet Series**: <https://cheatsheetseries.owasp.org/>
+- **Burp Suite Documentation**: <https://portswigger.net/burp/documentation>
 
-3. **Enhanced Write-up:**
-   - Provide detailed write-ups for each additional lab completed.
-   - Follow the same format as your previous write-ups:
-     - **Introduction:** Brief overview of the lab's objectives and challenges.
-     - **Approach:** Detailed description of your approach to solving the lab.
-     - **Challenges Faced:** Discuss any additional challenges faced due to the higher difficulty and how you overcame them.
-     - **Conclusion:** Reflect on what you learned from completing these more advanced labs.
+**Tools:**
 
-### Additional Submission Guidelines for Bonus Points
+- Burp Suite Community (essential)
+- Browser Developer Tools
+- Text editor for payload crafting
 
-- Include these advanced lab write-ups in your report as an additional section or append them to the respective categories.
-- Clearly mark these sections as "Bonus Points Task: Advanced Lab Completion" for easy identification.
+---
 
-### Evaluation Criteria for Bonus Points
+## Deadline
 
-1. **Lab Completion and Complexity:**
-   - Successful completion of higher-difficulty labs.
-   - Understanding and application of advanced techniques.
+Refer to the course schedule for the specific deadline. **Late submissions will be penalized according to course policy.**
 
-2. **Depth and Quality of Write-ups:**
-   - Clarity, detail, and technical accuracy in the write-ups.
-   - Insightfulness in the reflection of challenges and learnings.
+---
 
-Completing these advanced labs will not only earn you bonus points but also significantly enhance your skill set in web security, preparing you for more complex and real-world scenarios.
+By undertaking this assignment, you will not only improve your practical skills in web security but also your ability to document and communicate complex processes, which is invaluable in the cybersecurity field. This comprehensive challenge prepares you for real-world penetration testing and bug bounty hunting.