Looking for Cybersecurity Fundamentals test answers and solutions? Browse our comprehensive collection of verified answers for Cybersecurity Fundamentals at softserve.academy.
Complete the 11th task from the (A8) Cross-Site Scripting (XSS) lesson (https://127.0.0.1:8080/WebGoat/start.mvc#lesson/CrossSiteScripting.lesson/10). To complete this lesson you need to use the route from the previous step. As a result you will get a message in the console like "phone home said {...}"; open the source code and find the URL of the POST request that generates the data for this message. Provide this URL as the answer.
Complete the 10th task from the (A8) Cross-Site Scripting (XSS) lesson (https://127.0.0.1:8080/WebGoat/start.mvc#lesson/CrossSiteScripting.lesson/9). To complete this lesson you need to find the routes in the JavaScript source. Save the obtained route for the next question. Choose the names of functions that exist in the routes object.
Complete the 5th task from the JWT tokens lesson from (A2) Broken Authentication. To complete this lesson you need to make some changes to the JWT token. Generate this token with the user name SoftServeUser, only one necessary field in the payload and only one header. Provide this JWT token as the answer to this question.
Go to the JWT tokens lesson from (A2) Broken Authentication. Use any JWT decoder and decode the token from the 3rd part of the lesson (https://127.0.0.1:8080/WebGoat/start.mvc#lesson/JWT.lesson/2). Choose the available response fields from the payload of the JWT token.
Using ZAP, complete the lesson Authentication Bypasses from (A2) Broken Authentication (https://127.0.0.1:8080/WebGoat/start.mvc#lesson/AuthBypass.lesson/1).
You must obtain the following result.
Inspect the response from the server and write its content-length value.
Choose the correct security measures that can be taken to prevent Cryptographic Failures.
How does a web application differ from a traditional desktop application?
What are signs that an application has Security Logging and Monitoring Failures?
How to prevent Identification and Authentication Failures?
In what circumstances should administrators be alerted regarding access control failures?