These courses expects a high standard of professionalism from its students with regard to how Web Application Security Testing is conducted. We expect all students to act in good faith at all times - including but not limited to:
Your actions speak volumes; It is our responsibility to uphold the reputation of the course, the course staff, fellow students, the school, the university and the ICT profession.
If you are unsure
whether your actions may violate this policy
,
ask the course staff for guidance.
Failure to adhere to this policy may result in an academic penalty.
As a student of this course, you have this written permission to attack
*.quoccacorp.com
, with the following
exceptions
:
ctfd.quoccacorp.com
)
questions.quoccacorp.com
)
*.internal.quoccacorp.com
)
midterm.quoccacorp.com
,
final.quoccacorp.com
)
*.midterm.quoccacorp.com
,
*.final.quoccacorp.com
) are not included in this exception and are therefore within scope.
*.unsw.edu.au
)
When exploiting challenges, avoid exploits that will break them, so that other students have the opportunity to solve them. This is especially important during exams. An example of this is deliberately running a 'drop table' command using SQL injection during an exam. Deliberately breaking challenges without regard for others' learning may result in an academic penalty.
This all said, if you think you've found an interesting vulnerability or exploit that would affect any of these exceptions, including causing downtime, feel free to ask after a lecture or during Hamish's tute (W18B) and chances are we'll let you - we just need to know its happening beforehand so we can quickly fix it afterwards!
This scope does not allow you to do any sort of physical attacks or social engineering on any of the course staff members or your fellow students. For any targets outside this scope, we do not have the authority to give you attacking permission.
Under no circumstances can you attack UNSW infrastructure (
*.unsw.edu.au
).
If you are unsure , ask the course staff for guidance.
Resource created 5 months ago, last modified 4 months ago.