This project showcases a hands-on cybersecurity home lab designed to simulate real-world environments for vulnerability scanning and web application security testing. The lab leverages containerized applications and industry-relevant security tools to practice identifying, analyzing, and understanding common vulnerabilities.<\/p>\n\n\n\n
The primary goal of this lab is to bridge the gap between theoretical knowledge and practical cybersecurity skills by creating a controlled environment for testing, troubleshooting, and security analysis.<\/p>\n\n\n\n
\n\n\n\n
LAB SETUP<\/h2>\n\n\n\n\n- Client System:<\/strong> MacBook Pro<\/li>\n\n\n\n
- Host System:<\/strong> Raspberry Pi (Docker Host – ARM 64)<\/li>\n\n\n\n
- Network:<\/strong> Local private lab environment<\/li>\n<\/ul>\n<\/div>\n\n\n\n\n
Tools Used<\/h2>\n\n\n\n\n- Docker<\/li>\n\n\n\n
- Docker Compose<\/li>\n\n\n\n
- Portainer.io<\/li>\n\n\n\n
- Pi-hole (DNS Filtering)<\/li>\n\n\n\n
- Nessus Essentials<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n
\n\n\n\n\n\nApplications<\/h2>\n\n\n\n\n- OWASP Juice Shop (Port 3001)<\/li>\n\n\n\n
- OWASP WebGoat (Port 8081)<\/li>\n\n\n\n
- DVWA – Damn Vulnerable Web App (Port 8082)<\/li>\n\n\n\n
- MariaDB (Backend database)<\/li>\n<\/ul>\n<\/div>\n\n\n\n\n
What I Did<\/h2>\n\n\n\n\n- Designed and deployed a multi-container lab environment using Docker Compose<\/li>\n\n\n\n
- Configured inter-container networking between web applications and a database<\/li>\n\n\n\n
- Managed and monitored services using Portainer<\/li>\n\n\n\n
- Troubleshot real-world deployment issues:\n
\n- Port conflicts<\/li>\n\n\n\n
- ARM vs x86 image compatibility<\/li>\n\n\n\n
- DNS resolution failures<\/li>\n\n\n\n
- Container restart loops<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Performed vulnerability scanning using Nessus Essentials<\/li>\n\n\n\n
- Conducted hands-on web application security testing using OWASP tools<\/li>\n\n\n\n
- Successfully executed SQL Injection attacks against DVWA to extract database records<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n
\n\n\n\nExploit Demonstration: SQL Injection<\/strong><\/h2>\n\n\n\nDuring testing in DVWA, I exploited a classic SQL Injection vulnerability using the following input:<\/p>\n\n\n\n
‘ OR ‘1’ =’1<\/p>\n\n\n\n
This payload bypassed application logic and forced the database to return all user records.<\/p>\n\n\n\n
Impact:<\/strong><\/h3>\n\n\n\n\n- Authentication bypass<\/li>\n\n\n\n
- Full database enumeration<\/li>\n\n\n\n
- Exposure of sensitive user data<\/li>\n<\/ul>\n\n\n\n
This demonstrates how improper input validation and lack of parameterized queries can lead to critical security vulnerabilities.<\/p>\n\n\n\n![\"\"](\"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-content\/uploads\/sites\/38223\/2026\/04\/image-5-1024x589.png\")
<\/a><\/figure>\n\n\n\nFigure 1: Cyber Lab Stack Deployment in Portainer<\/strong><\/h2>\n\n\n\nThis view shows the deployed cybersecurity lab environment managed through Portainer. The stack includes multiple containerized services such as DVWA, OWASP Juice Shop, WebGoat, and a MariaDB backend. Each service is running within a Docker Compose stack, demonstrating container orchestration and service communication.<\/p>\n\n\n\n![\"\"](\"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-content\/uploads\/sites\/38223\/2026\/04\/image-709x1024.png\")
<\/a><\/figure>\n\n\n\nFigure 2: Docker Compose Configuration<\/strong><\/h3>\n\n\n\nThe Docker Compose file defines all services in the lab, including vulnerable web applications and the MariaDB backend. It includes:<\/p>\n\n\n\n
\n- Service definitions<\/li>\n\n\n\n
- Port mappings<\/li>\n\n\n\n
- Environment variables<\/li>\n\n\n\n
- Health checks and dependencies<\/li>\n<\/ul>\n\n\n\n
This reflects real-world infrastructure-as-code practices used in modern environments.<\/p>\n\n\n\n![\"\"](\"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-content\/uploads\/sites\/38223\/2026\/04\/Screenshot-2026-04-05-at-12.00.42\u202fAM.png\")
<\/a><\/figure>\n\n\n\nFigure 3: OWASP Juice Shop<\/strong><\/h3>\n\n\n\nJuice Shop simulates a modern vulnerable web application and includes common security flaws such as:<\/p>\n\n\n\n
\n- Injection vulnerabilities<\/li>\n\n\n\n
- Broken authentication<\/li>\n\n\n\n
- Sensitive data exposure<\/li>\n<\/ul>\n\n\n\n
It serves as a realistic target for web application testing.<\/p>\n\n\n\n![\"\"](\"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-content\/uploads\/sites\/38223\/2026\/04\/image-1.png\")
<\/a><\/figure>\n\n\n\nFigure 4: OWASP WebGoat<\/strong><\/h3>\n\n\n\nWebGoat provides structured, lesson-based training on secure coding and vulnerability exploitation, reinforcing theoretical concepts through guided exercises.<\/p>\n\n\n\n![\"\"](\"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-content\/uploads\/sites\/38223\/2026\/04\/Screenshot-2026-04-07-at-7.39.05\u202fPM.png\")
<\/a><\/figure>\n\n\n\nFigure 5: DVWA SQL Injection Exploit<\/strong><\/h3>\n\n\n\nDVWA was used to demonstrate hands-on exploitation of SQL Injection vulnerabilities. The lab environment allowed safe testing of attack techniques and analysis of application behavior under malicious input.<\/p>\n\n\n\n
\n\n\n\n![\"\"](\"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-content\/uploads\/sites\/38223\/2026\/04\/Screenshot-2026-04-04-at-11.43.54\u202fPM-1024x546.png\")
<\/a><\/figure>\n\n\n\nFigure 6: Nessus Scan Results<\/strong><\/h3>\n\n\n\nNessus Essentials was used to scan the lab network and identify:<\/p>\n\n\n\n
\n- Open ports<\/li>\n\n\n\n
- Running services<\/li>\n\n\n\n
- Potential vulnerabilities<\/li>\n<\/ul>\n\n\n\n
This simulates how security teams assess environments in real-world scenarios.<\/p>\n\n\n\n
\n\n\n\nKey Skills Demonstrated<\/strong><\/h2>\n\n\n\n\n- Containerization and deployment using Docker<\/li>\n\n\n\n
- Infrastructure design using Docker Compose<\/li>\n\n\n\n
- Container management using Portainer<\/li>\n\n\n\n
- Network troubleshooting and DNS configuration<\/li>\n\n\n\n
- Vulnerability scanning and analysis using Nessus<\/li>\n\n\n\n
- Web application security testing (OWASP Top 10)<\/li>\n\n\n\n
- SQL Injection exploitation<\/li>\n\n\n\n
- Debugging real-world system and deployment issues<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nConclusion<\/strong><\/h2>\n\n\n\nThis homelab provided hands-on experience in building, managing, and securing a containerized environment. By deploying vulnerable applications and actively exploiting them, I gained practical insight into how security weaknesses are identified and abused in real-world systems.<\/p>\n\n\n\n
This project demonstrates not only technical knowledge, but also the ability to troubleshoot complex issues, design functional environments, and apply offensive security techniques in a controlled setting.<\/p>\n","protected":false},"excerpt":{"rendered":"
Overview This project showcases a hands-on cybersecurity home lab designed to simulate real-world environments for vulnerability scanning and web application security testing. The lab leverages containerized applications and industry-relevant security tools to practice identifying, analyzing, and understanding common vulnerabilities. The primary goal of this lab is to bridge the gap between theoretical knowledge and practical … Continue reading Cybersecurity Home Lab: Web Application Security Testing Environment<\/span><\/a><\/p>\n","protected":false},"author":30417,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/users\/30417"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/comments?post=419"}],"version-history":[{"count":5,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419\/revisions"}],"predecessor-version":[{"id":463,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419\/revisions\/463"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/media?parent=419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Tools Used<\/h2>\n\n\n\n\n- Docker<\/li>\n\n\n\n
- Docker Compose<\/li>\n\n\n\n
- Portainer.io<\/li>\n\n\n\n
- Pi-hole (DNS Filtering)<\/li>\n\n\n\n
- Nessus Essentials<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n
\n\n\n\n\n\nApplications<\/h2>\n\n\n\n\n- OWASP Juice Shop (Port 3001)<\/li>\n\n\n\n
- OWASP WebGoat (Port 8081)<\/li>\n\n\n\n
- DVWA – Damn Vulnerable Web App (Port 8082)<\/li>\n\n\n\n
- MariaDB (Backend database)<\/li>\n<\/ul>\n<\/div>\n\n\n\n\n
What I Did<\/h2>\n\n\n\n\n- Designed and deployed a multi-container lab environment using Docker Compose<\/li>\n\n\n\n
- Configured inter-container networking between web applications and a database<\/li>\n\n\n\n
- Managed and monitored services using Portainer<\/li>\n\n\n\n
- Troubleshot real-world deployment issues:\n
\n- Port conflicts<\/li>\n\n\n\n
- ARM vs x86 image compatibility<\/li>\n\n\n\n
- DNS resolution failures<\/li>\n\n\n\n
- Container restart loops<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Performed vulnerability scanning using Nessus Essentials<\/li>\n\n\n\n
- Conducted hands-on web application security testing using OWASP tools<\/li>\n\n\n\n
- Successfully executed SQL Injection attacks against DVWA to extract database records<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n
\n\n\n\nExploit Demonstration: SQL Injection<\/strong><\/h2>\n\n\n\nDuring testing in DVWA, I exploited a classic SQL Injection vulnerability using the following input:<\/p>\n\n\n\n
‘ OR ‘1’ =’1<\/p>\n\n\n\n
This payload bypassed application logic and forced the database to return all user records.<\/p>\n\n\n\n
Impact:<\/strong><\/h3>\n\n\n\n\n- Authentication bypass<\/li>\n\n\n\n
- Full database enumeration<\/li>\n\n\n\n
- Exposure of sensitive user data<\/li>\n<\/ul>\n\n\n\n
This demonstrates how improper input validation and lack of parameterized queries can lead to critical security vulnerabilities.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 1: Cyber Lab Stack Deployment in Portainer<\/strong><\/h2>\n\n\n\nThis view shows the deployed cybersecurity lab environment managed through Portainer. The stack includes multiple containerized services such as DVWA, OWASP Juice Shop, WebGoat, and a MariaDB backend. Each service is running within a Docker Compose stack, demonstrating container orchestration and service communication.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 2: Docker Compose Configuration<\/strong><\/h3>\n\n\n\nThe Docker Compose file defines all services in the lab, including vulnerable web applications and the MariaDB backend. It includes:<\/p>\n\n\n\n
\n- Service definitions<\/li>\n\n\n\n
- Port mappings<\/li>\n\n\n\n
- Environment variables<\/li>\n\n\n\n
- Health checks and dependencies<\/li>\n<\/ul>\n\n\n\n
This reflects real-world infrastructure-as-code practices used in modern environments.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 3: OWASP Juice Shop<\/strong><\/h3>\n\n\n\nJuice Shop simulates a modern vulnerable web application and includes common security flaws such as:<\/p>\n\n\n\n
\n- Injection vulnerabilities<\/li>\n\n\n\n
- Broken authentication<\/li>\n\n\n\n
- Sensitive data exposure<\/li>\n<\/ul>\n\n\n\n
It serves as a realistic target for web application testing.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 4: OWASP WebGoat<\/strong><\/h3>\n\n\n\nWebGoat provides structured, lesson-based training on secure coding and vulnerability exploitation, reinforcing theoretical concepts through guided exercises.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 5: DVWA SQL Injection Exploit<\/strong><\/h3>\n\n\n\nDVWA was used to demonstrate hands-on exploitation of SQL Injection vulnerabilities. The lab environment allowed safe testing of attack techniques and analysis of application behavior under malicious input.<\/p>\n\n\n\n
\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 6: Nessus Scan Results<\/strong><\/h3>\n\n\n\nNessus Essentials was used to scan the lab network and identify:<\/p>\n\n\n\n
\n- Open ports<\/li>\n\n\n\n
- Running services<\/li>\n\n\n\n
- Potential vulnerabilities<\/li>\n<\/ul>\n\n\n\n
This simulates how security teams assess environments in real-world scenarios.<\/p>\n\n\n\n
\n\n\n\nKey Skills Demonstrated<\/strong><\/h2>\n\n\n\n\n- Containerization and deployment using Docker<\/li>\n\n\n\n
- Infrastructure design using Docker Compose<\/li>\n\n\n\n
- Container management using Portainer<\/li>\n\n\n\n
- Network troubleshooting and DNS configuration<\/li>\n\n\n\n
- Vulnerability scanning and analysis using Nessus<\/li>\n\n\n\n
- Web application security testing (OWASP Top 10)<\/li>\n\n\n\n
- SQL Injection exploitation<\/li>\n\n\n\n
- Debugging real-world system and deployment issues<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nConclusion<\/strong><\/h2>\n\n\n\nThis homelab provided hands-on experience in building, managing, and securing a containerized environment. By deploying vulnerable applications and actively exploiting them, I gained practical insight into how security weaknesses are identified and abused in real-world systems.<\/p>\n\n\n\n
This project demonstrates not only technical knowledge, but also the ability to troubleshoot complex issues, design functional environments, and apply offensive security techniques in a controlled setting.<\/p>\n","protected":false},"excerpt":{"rendered":"
Overview This project showcases a hands-on cybersecurity home lab designed to simulate real-world environments for vulnerability scanning and web application security testing. The lab leverages containerized applications and industry-relevant security tools to practice identifying, analyzing, and understanding common vulnerabilities. The primary goal of this lab is to bridge the gap between theoretical knowledge and practical … Continue reading Cybersecurity Home Lab: Web Application Security Testing Environment<\/span><\/a><\/p>\n","protected":false},"author":30417,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/users\/30417"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/comments?post=419"}],"version-history":[{"count":5,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419\/revisions"}],"predecessor-version":[{"id":463,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419\/revisions\/463"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/media?parent=419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n\n\n\n
Applications<\/h2>\n\n\n\n\n- OWASP Juice Shop (Port 3001)<\/li>\n\n\n\n
- OWASP WebGoat (Port 8081)<\/li>\n\n\n\n
- DVWA – Damn Vulnerable Web App (Port 8082)<\/li>\n\n\n\n
- MariaDB (Backend database)<\/li>\n<\/ul>\n<\/div>\n\n\n\n\n
What I Did<\/h2>\n\n\n\n\n- Designed and deployed a multi-container lab environment using Docker Compose<\/li>\n\n\n\n
- Configured inter-container networking between web applications and a database<\/li>\n\n\n\n
- Managed and monitored services using Portainer<\/li>\n\n\n\n
- Troubleshot real-world deployment issues:\n
\n- Port conflicts<\/li>\n\n\n\n
- ARM vs x86 image compatibility<\/li>\n\n\n\n
- DNS resolution failures<\/li>\n\n\n\n
- Container restart loops<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Performed vulnerability scanning using Nessus Essentials<\/li>\n\n\n\n
- Conducted hands-on web application security testing using OWASP tools<\/li>\n\n\n\n
- Successfully executed SQL Injection attacks against DVWA to extract database records<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n
\n\n\n\nExploit Demonstration: SQL Injection<\/strong><\/h2>\n\n\n\nDuring testing in DVWA, I exploited a classic SQL Injection vulnerability using the following input:<\/p>\n\n\n\n
‘ OR ‘1’ =’1<\/p>\n\n\n\n
This payload bypassed application logic and forced the database to return all user records.<\/p>\n\n\n\n
Impact:<\/strong><\/h3>\n\n\n\n\n- Authentication bypass<\/li>\n\n\n\n
- Full database enumeration<\/li>\n\n\n\n
- Exposure of sensitive user data<\/li>\n<\/ul>\n\n\n\n
This demonstrates how improper input validation and lack of parameterized queries can lead to critical security vulnerabilities.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 1: Cyber Lab Stack Deployment in Portainer<\/strong><\/h2>\n\n\n\nThis view shows the deployed cybersecurity lab environment managed through Portainer. The stack includes multiple containerized services such as DVWA, OWASP Juice Shop, WebGoat, and a MariaDB backend. Each service is running within a Docker Compose stack, demonstrating container orchestration and service communication.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 2: Docker Compose Configuration<\/strong><\/h3>\n\n\n\nThe Docker Compose file defines all services in the lab, including vulnerable web applications and the MariaDB backend. It includes:<\/p>\n\n\n\n
\n- Service definitions<\/li>\n\n\n\n
- Port mappings<\/li>\n\n\n\n
- Environment variables<\/li>\n\n\n\n
- Health checks and dependencies<\/li>\n<\/ul>\n\n\n\n
This reflects real-world infrastructure-as-code practices used in modern environments.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 3: OWASP Juice Shop<\/strong><\/h3>\n\n\n\nJuice Shop simulates a modern vulnerable web application and includes common security flaws such as:<\/p>\n\n\n\n
\n- Injection vulnerabilities<\/li>\n\n\n\n
- Broken authentication<\/li>\n\n\n\n
- Sensitive data exposure<\/li>\n<\/ul>\n\n\n\n
It serves as a realistic target for web application testing.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 4: OWASP WebGoat<\/strong><\/h3>\n\n\n\nWebGoat provides structured, lesson-based training on secure coding and vulnerability exploitation, reinforcing theoretical concepts through guided exercises.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 5: DVWA SQL Injection Exploit<\/strong><\/h3>\n\n\n\nDVWA was used to demonstrate hands-on exploitation of SQL Injection vulnerabilities. The lab environment allowed safe testing of attack techniques and analysis of application behavior under malicious input.<\/p>\n\n\n\n
\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 6: Nessus Scan Results<\/strong><\/h3>\n\n\n\nNessus Essentials was used to scan the lab network and identify:<\/p>\n\n\n\n
\n- Open ports<\/li>\n\n\n\n
- Running services<\/li>\n\n\n\n
- Potential vulnerabilities<\/li>\n<\/ul>\n\n\n\n
This simulates how security teams assess environments in real-world scenarios.<\/p>\n\n\n\n
\n\n\n\nKey Skills Demonstrated<\/strong><\/h2>\n\n\n\n\n- Containerization and deployment using Docker<\/li>\n\n\n\n
- Infrastructure design using Docker Compose<\/li>\n\n\n\n
- Container management using Portainer<\/li>\n\n\n\n
- Network troubleshooting and DNS configuration<\/li>\n\n\n\n
- Vulnerability scanning and analysis using Nessus<\/li>\n\n\n\n
- Web application security testing (OWASP Top 10)<\/li>\n\n\n\n
- SQL Injection exploitation<\/li>\n\n\n\n
- Debugging real-world system and deployment issues<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nConclusion<\/strong><\/h2>\n\n\n\nThis homelab provided hands-on experience in building, managing, and securing a containerized environment. By deploying vulnerable applications and actively exploiting them, I gained practical insight into how security weaknesses are identified and abused in real-world systems.<\/p>\n\n\n\n
This project demonstrates not only technical knowledge, but also the ability to troubleshoot complex issues, design functional environments, and apply offensive security techniques in a controlled setting.<\/p>\n","protected":false},"excerpt":{"rendered":"
Overview This project showcases a hands-on cybersecurity home lab designed to simulate real-world environments for vulnerability scanning and web application security testing. The lab leverages containerized applications and industry-relevant security tools to practice identifying, analyzing, and understanding common vulnerabilities. The primary goal of this lab is to bridge the gap between theoretical knowledge and practical … Continue reading Cybersecurity Home Lab: Web Application Security Testing Environment<\/span><\/a><\/p>\n","protected":false},"author":30417,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/users\/30417"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/comments?post=419"}],"version-history":[{"count":5,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419\/revisions"}],"predecessor-version":[{"id":463,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419\/revisions\/463"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/media?parent=419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
What I Did<\/h2>\n\n\n\n\n- Designed and deployed a multi-container lab environment using Docker Compose<\/li>\n\n\n\n
- Configured inter-container networking between web applications and a database<\/li>\n\n\n\n
- Managed and monitored services using Portainer<\/li>\n\n\n\n
- Troubleshot real-world deployment issues:\n
\n- Port conflicts<\/li>\n\n\n\n
- ARM vs x86 image compatibility<\/li>\n\n\n\n
- DNS resolution failures<\/li>\n\n\n\n
- Container restart loops<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Performed vulnerability scanning using Nessus Essentials<\/li>\n\n\n\n
- Conducted hands-on web application security testing using OWASP tools<\/li>\n\n\n\n
- Successfully executed SQL Injection attacks against DVWA to extract database records<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n
\n\n\n\nExploit Demonstration: SQL Injection<\/strong><\/h2>\n\n\n\nDuring testing in DVWA, I exploited a classic SQL Injection vulnerability using the following input:<\/p>\n\n\n\n
‘ OR ‘1’ =’1<\/p>\n\n\n\n
This payload bypassed application logic and forced the database to return all user records.<\/p>\n\n\n\n
Impact:<\/strong><\/h3>\n\n\n\n\n- Authentication bypass<\/li>\n\n\n\n
- Full database enumeration<\/li>\n\n\n\n
- Exposure of sensitive user data<\/li>\n<\/ul>\n\n\n\n
This demonstrates how improper input validation and lack of parameterized queries can lead to critical security vulnerabilities.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 1: Cyber Lab Stack Deployment in Portainer<\/strong><\/h2>\n\n\n\nThis view shows the deployed cybersecurity lab environment managed through Portainer. The stack includes multiple containerized services such as DVWA, OWASP Juice Shop, WebGoat, and a MariaDB backend. Each service is running within a Docker Compose stack, demonstrating container orchestration and service communication.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 2: Docker Compose Configuration<\/strong><\/h3>\n\n\n\nThe Docker Compose file defines all services in the lab, including vulnerable web applications and the MariaDB backend. It includes:<\/p>\n\n\n\n
\n- Service definitions<\/li>\n\n\n\n
- Port mappings<\/li>\n\n\n\n
- Environment variables<\/li>\n\n\n\n
- Health checks and dependencies<\/li>\n<\/ul>\n\n\n\n
This reflects real-world infrastructure-as-code practices used in modern environments.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 3: OWASP Juice Shop<\/strong><\/h3>\n\n\n\nJuice Shop simulates a modern vulnerable web application and includes common security flaws such as:<\/p>\n\n\n\n
\n- Injection vulnerabilities<\/li>\n\n\n\n
- Broken authentication<\/li>\n\n\n\n
- Sensitive data exposure<\/li>\n<\/ul>\n\n\n\n
It serves as a realistic target for web application testing.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 4: OWASP WebGoat<\/strong><\/h3>\n\n\n\nWebGoat provides structured, lesson-based training on secure coding and vulnerability exploitation, reinforcing theoretical concepts through guided exercises.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 5: DVWA SQL Injection Exploit<\/strong><\/h3>\n\n\n\nDVWA was used to demonstrate hands-on exploitation of SQL Injection vulnerabilities. The lab environment allowed safe testing of attack techniques and analysis of application behavior under malicious input.<\/p>\n\n\n\n
\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 6: Nessus Scan Results<\/strong><\/h3>\n\n\n\nNessus Essentials was used to scan the lab network and identify:<\/p>\n\n\n\n
\n- Open ports<\/li>\n\n\n\n
- Running services<\/li>\n\n\n\n
- Potential vulnerabilities<\/li>\n<\/ul>\n\n\n\n
This simulates how security teams assess environments in real-world scenarios.<\/p>\n\n\n\n
\n\n\n\nKey Skills Demonstrated<\/strong><\/h2>\n\n\n\n\n- Containerization and deployment using Docker<\/li>\n\n\n\n
- Infrastructure design using Docker Compose<\/li>\n\n\n\n
- Container management using Portainer<\/li>\n\n\n\n
- Network troubleshooting and DNS configuration<\/li>\n\n\n\n
- Vulnerability scanning and analysis using Nessus<\/li>\n\n\n\n
- Web application security testing (OWASP Top 10)<\/li>\n\n\n\n
- SQL Injection exploitation<\/li>\n\n\n\n
- Debugging real-world system and deployment issues<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nConclusion<\/strong><\/h2>\n\n\n\nThis homelab provided hands-on experience in building, managing, and securing a containerized environment. By deploying vulnerable applications and actively exploiting them, I gained practical insight into how security weaknesses are identified and abused in real-world systems.<\/p>\n\n\n\n
This project demonstrates not only technical knowledge, but also the ability to troubleshoot complex issues, design functional environments, and apply offensive security techniques in a controlled setting.<\/p>\n","protected":false},"excerpt":{"rendered":"
Overview This project showcases a hands-on cybersecurity home lab designed to simulate real-world environments for vulnerability scanning and web application security testing. The lab leverages containerized applications and industry-relevant security tools to practice identifying, analyzing, and understanding common vulnerabilities. The primary goal of this lab is to bridge the gap between theoretical knowledge and practical … Continue reading Cybersecurity Home Lab: Web Application Security Testing Environment<\/span><\/a><\/p>\n","protected":false},"author":30417,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/users\/30417"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/comments?post=419"}],"version-history":[{"count":5,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419\/revisions"}],"predecessor-version":[{"id":463,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419\/revisions\/463"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/media?parent=419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- \n
- Port conflicts<\/li>\n\n\n\n
- ARM vs x86 image compatibility<\/li>\n\n\n\n
- DNS resolution failures<\/li>\n\n\n\n
- Container restart loops<\/li>\n<\/ul>\n<\/li>\n\n\n\n
- Performed vulnerability scanning using Nessus Essentials<\/li>\n\n\n\n
- Conducted hands-on web application security testing using OWASP tools<\/li>\n\n\n\n
- Successfully executed SQL Injection attacks against DVWA to extract database records<\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n
\n\n\n\nExploit Demonstration: SQL Injection<\/strong><\/h2>\n\n\n\n
During testing in DVWA, I exploited a classic SQL Injection vulnerability using the following input:<\/p>\n\n\n\n
‘ OR ‘1’ =’1<\/p>\n\n\n\n
This payload bypassed application logic and forced the database to return all user records.<\/p>\n\n\n\n
Impact:<\/strong><\/h3>\n\n\n\n
- \n
- Authentication bypass<\/li>\n\n\n\n
- Full database enumeration<\/li>\n\n\n\n
- Exposure of sensitive user data<\/li>\n<\/ul>\n\n\n\n
This demonstrates how improper input validation and lack of parameterized queries can lead to critical security vulnerabilities.<\/p>\n\n\n\n
<\/a><\/figure>\n\n\n\nFigure 1: Cyber Lab Stack Deployment in Portainer<\/strong><\/h2>\n\n\n\n
This view shows the deployed cybersecurity lab environment managed through Portainer. The stack includes multiple containerized services such as DVWA, OWASP Juice Shop, WebGoat, and a MariaDB backend. Each service is running within a Docker Compose stack, demonstrating container orchestration and service communication.<\/p>\n\n\n\n
<\/a><\/figure>\n\n\n\nFigure 2: Docker Compose Configuration<\/strong><\/h3>\n\n\n\n
The Docker Compose file defines all services in the lab, including vulnerable web applications and the MariaDB backend. It includes:<\/p>\n\n\n\n
- \n
- Service definitions<\/li>\n\n\n\n
- Port mappings<\/li>\n\n\n\n
- Environment variables<\/li>\n\n\n\n
- Health checks and dependencies<\/li>\n<\/ul>\n\n\n\n
This reflects real-world infrastructure-as-code practices used in modern environments.<\/p>\n\n\n\n
<\/a><\/figure>\n\n\n\nFigure 3: OWASP Juice Shop<\/strong><\/h3>\n\n\n\n
Juice Shop simulates a modern vulnerable web application and includes common security flaws such as:<\/p>\n\n\n\n
- \n
- Injection vulnerabilities<\/li>\n\n\n\n
- Broken authentication<\/li>\n\n\n\n
- Sensitive data exposure<\/li>\n<\/ul>\n\n\n\n
It serves as a realistic target for web application testing.<\/p>\n\n\n\n
<\/a><\/figure>\n\n\n\nFigure 4: OWASP WebGoat<\/strong><\/h3>\n\n\n\n
WebGoat provides structured, lesson-based training on secure coding and vulnerability exploitation, reinforcing theoretical concepts through guided exercises.<\/p>\n\n\n\n
<\/a><\/figure>\n\n\n\nFigure 5: DVWA SQL Injection Exploit<\/strong><\/h3>\n\n\n\n
DVWA was used to demonstrate hands-on exploitation of SQL Injection vulnerabilities. The lab environment allowed safe testing of attack techniques and analysis of application behavior under malicious input.<\/p>\n\n\n\n
\n\n\n\n<\/a><\/figure>\n\n\n\nFigure 6: Nessus Scan Results<\/strong><\/h3>\n\n\n\n
Nessus Essentials was used to scan the lab network and identify:<\/p>\n\n\n\n
- \n
- Open ports<\/li>\n\n\n\n
- Running services<\/li>\n\n\n\n
- Potential vulnerabilities<\/li>\n<\/ul>\n\n\n\n
This simulates how security teams assess environments in real-world scenarios.<\/p>\n\n\n\n
\n\n\n\nKey Skills Demonstrated<\/strong><\/h2>\n\n\n\n
- \n
- Containerization and deployment using Docker<\/li>\n\n\n\n
- Infrastructure design using Docker Compose<\/li>\n\n\n\n
- Container management using Portainer<\/li>\n\n\n\n
- Network troubleshooting and DNS configuration<\/li>\n\n\n\n
- Vulnerability scanning and analysis using Nessus<\/li>\n\n\n\n
- Web application security testing (OWASP Top 10)<\/li>\n\n\n\n
- SQL Injection exploitation<\/li>\n\n\n\n
- Debugging real-world system and deployment issues<\/li>\n<\/ul>\n\n\n\n
\n\n\n\nConclusion<\/strong><\/h2>\n\n\n\n
This homelab provided hands-on experience in building, managing, and securing a containerized environment. By deploying vulnerable applications and actively exploiting them, I gained practical insight into how security weaknesses are identified and abused in real-world systems.<\/p>\n\n\n\n
This project demonstrates not only technical knowledge, but also the ability to troubleshoot complex issues, design functional environments, and apply offensive security techniques in a controlled setting.<\/p>\n","protected":false},"excerpt":{"rendered":"
Overview This project showcases a hands-on cybersecurity home lab designed to simulate real-world environments for vulnerability scanning and web application security testing. The lab leverages containerized applications and industry-relevant security tools to practice identifying, analyzing, and understanding common vulnerabilities. The primary goal of this lab is to bridge the gap between theoretical knowledge and practical … Continue reading Cybersecurity Home Lab: Web Application Security Testing Environment<\/span><\/a><\/p>\n","protected":false},"author":30417,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/users\/30417"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/comments?post=419"}],"version-history":[{"count":5,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419\/revisions"}],"predecessor-version":[{"id":463,"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/pages\/419\/revisions\/463"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-json\/wp\/v2\/media?parent=419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"https:\/\/sites.wp.odu.edu\/eriksorto-portfolio\/wp-content\/uploads\/sites\/38223\/2026\/04\/image-5.png\")
<\/a><\/figure>\n\n\n\n