You're assessing the booking system for an eco-lodge on Nosy Be, Madagascar — testing it for SQL injection, detecting the attack in the logs, fixing what you find, and delivering a report the owner can understand.
The discipline skills: running a structured security engagement from both sides — scanning with Nmap, exploiting with sqlmap, reading the same attack in Grafana's log view, writing a remediation that actually holds up when you re-test, and producing a report that maps findings to ATT&CK and OWASP.
The AI-direction lesson: this is your first time directing AI through a security workflow. AI will generate remediation code, scan interpretations, and report language that look correct — and some of it won't be. It will report uncertain sqlmap results as confirmed findings. It will suggest a fix using mysqli_real_escape_string instead of a prepared statement, and that fix will pass a casual glance but fail the re-test. It will recommend scanning targets outside your scope document. The skill is not running the tools. The skill is catching what AI got wrong before it becomes a finding you stand behind.
Your Role
You're doing a security assessment of Jean-Marc's booking site — testing from the attacker's side, then switching to the defender's view to see what the same attack looks like in the logs. By the end, Jean-Marc gets a report explaining what you found and what to fix.
Everything is provided. Scope document, attack methodology, detection templates, remediation guidance, report template. Your job is to direct Claude through each phase and verify the results.
What's New
This is the first project, so everything is new ground.
You'll direct an AI agent through a real security assessment workflow — scanning, exploiting, detecting, fixing. The interesting part is the perspective shift. The same SQL injection looks completely different depending on whether you're the attacker running sqlmap or the defender reading access logs in Grafana. That dual view is the core of what makes this work.
The hard part isn't running the tools. It's catching when Claude gets something wrong. Claude will suggest fixes that look correct but don't hold up when you re-test. It will report uncertain results as confirmed findings. It will suggest scanning things that aren't in scope. Your verification is what makes the difference between output that was produced and output that was checked.
Tools
- Docker — runs the target application (DVWA) and the monitoring stack (Grafana, Loki, Alloy)
- Nmap — network scanning and port/service discovery
- sqlmap — SQL injection testing
- Grafana — viewing logs and alerts from the defender's side
- Claude Code — AI agent directing all tool execution
- Git/GitHub — version control and project submission
Materials
You'll receive a complete set of project materials:
- Scope document defining what you're authorized to assess
- TTP selection document and step-by-step attack methodology
- Sigma rule template for detection engineering
- Remediation guidance document
- Hardening checklist
- Report template for Jean-Marc
- DVWA Docker environment (the target application)
- Grafana/Loki/Alloy monitoring stack (the defender's view)
- Project governance file