Hands-on security engineering labs focused on network discovery, web application testing, and security tooling analysis using intentionally vulnerable targets in a controlled lab environment.
This repository documents how I test systems, not just the tools I use.
The goal of this repository is to demonstrate practical security engineering skills, including:
- Identifying exposed services and attack surface
- Intercepting and analyzing authentication flows
- Understanding session handling and authorization boundaries
- Documenting findings clearly and responsibly
- Recognizing tooling limitations and operational realities
All testing is performed ethically against intentionally vulnerable applications in isolated lab environments.
- Attacker: Kali Linux
- Targets:
  - Metasploitable2
  - OWASP Juice Shop
- Tools:
  - Nmap
  - Burp Suite Community Edition
  - Docker
- Network: Isolated host-only / local lab networks
No production, external, or unauthorized systems were tested.
```
security-testing-labs/
├── methodology/
│   └── testing-approach.md
│
├── network-discovery/
│   ├── overview.md
│   ├── nmap-host-discovery.md
│   ├── nmap-service-enumeration.md
│   ├── findings-summary.md
│   └── sanitized-screenshots/
│
├── web-application-testing/
│   └── authentication/
│       ├── testcase-02-authentication-interception.md
│       ├── testcase-03-session-behavior.md
│       └── evidence/
│
├── tooling-limitations/
│   └── openvas-gvmd-limitations.md
│
└── README.md
```
Each section builds on the previous one, moving from surface-level discovery to application-layer security testing.
- Host discovery and service enumeration
- Attack surface identification
- Risk-based observations and remediation context
- Proxying traffic through Burp Suite
- Intercepting authentication requests
- Analyzing unauthorized vs authenticated behavior
- Observing API responses and session state handling
- Practical challenges encountered during setup and use
- Why tools sometimes fail or behave unexpectedly
- Lessons learned from troubleshooting real environments
- Screenshots are sanitized
- No credentials, tokens, or personal data are exposed
- Evidence supports findings without oversharing sensitive details
This mirrors real-world reporting standards.
This repository emphasizes:
- Understanding why something behaves a certain way
- Validating assumptions with evidence
- Thinking like a defender while testing like an attacker
- Clear, structured documentation suitable for technical audiences
Planned expansions include:
- Authorization bypass testing
- Input validation and injection testing
- API misuse scenarios
- Mapping findings to OWASP ASVS and Top 10 controls
All activities documented here were conducted in controlled lab environments for educational and professional development purposes only.
If you're reviewing this repository as part of an interview process, I'm happy to walk through how each test was designed, executed, and interpreted.