Time spent: 5 hours spent in total
Objective: Identify vulnerabilities in three different versions of the Globitek website: blue, green, and red.
The six possible exploits are:
- Username Enumeration
- Insecure Direct Object Reference (IDOR)
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Session Hijacking/Fixation
Each version of the site has been given two of the six vulnerabilities. (In other words, all six of the exploits should be assignable to one of the sites.)
Vulnerability #1: SQL injection
Vulnerability #2: Session hijacking 
Vulnerability #1: Stored XSS
Vulnerability #2: User enumeration 
Vulnerability #1: Insecure object reference 
Vulnerability #2: CSRF
No real challenges this week I found the vulnerabilities pretty easy to find and exploit. For the SQL injection I found it quickly but was unable to get much of a response with manual testing, SQLmap did the job well though.