Day 2 Deliverables

Submit one PDF or other electronc document at the end of class named: Lastname_Firstname_Day2.pdf or .html or .txt or .log or .something

Deliverable A — HTTP Traffic Capture

Capture one GET request and one POST request to the class lab site (Burp Suite or Browser DevTools Network tab).
For each request, include a screenshot and label:
- Method, URL/path, host
- Query parameters or form body
- Response status code
- At least 3 headers that matter for security (and why)

Deliverable B - Headers

Run header checks on BOTH:

Your Apache VM (Day 1 server)
The class lab target

Include the command output (copy/paste) or screenshots as evidence:

curl -Ivvv http://YOUR_VM_EXTERNAL_IP

Explain what you see.

Deliverable C — Three Security Practices

Write up three security policies you could implement.

For each finding include:

Evidence: screenshot or copied output (curl/Burp/DevTools)
Risk: 2–4 sentences describing why it matters
Fix: 1–3 actionable steps to remediate

Deliverable D — Apache SSL

Using certbot install and implement SSL in your apache configuration. List the commands that you performed to ensure proper implementation.

Commands

apt install python3-certbot-apache





root@webserver01:/var/www/html# certbot 

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Enter email address (used for urgent renewal and security notices)

 (Enter 'c' to cancel): blah@blah.com



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Please read the Terms of Service at

https://letsencrypt.org/documents/LE-SA-v1.6-August-18-2025.pdf. You must agree

in order to register with the ACME server. Do you agree?

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(Y)es/(N)o: Y



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Would you be willing, once your first certificate is successfully issued, to

share your email address with the Electronic Frontier Foundation, a founding

partner of the Let's Encrypt project and the non-profit organization that

develops Certbot? We'd like to send you email about our work encrypting the web,

EFF news, campaigns, and ways to support digital freedom.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(Y)es/(N)o: N

Account registered.

Please enter the domain name(s) you would like on your certificate (comma and/or

space separated) (Enter 'c' to cancel): mtec.mycybersecurityclass.com

Requesting a certificate for mtec.mycybersecurityclass.com



Successfully received certificate.

Certificate is saved at: /etc/letsencrypt/live/mtec.mycybersecurityclass.com/fullchain.pem

Key is saved at:         /etc/letsencrypt/live/mtec.mycybersecurityclass.com/privkey.pem

This certificate expires on 2026-05-31.

These files will be updated when the certificate renews.

Certbot has set up a scheduled task to automatically renew this certificate in the background.



Deploying certificate

Successfully deployed certificate for mtec.mycybersecurityclass.com to /etc/apache2/sites-available/000-default-le-ssl.conf

Congratulations! You have successfully enabled HTTPS on https://mtec.mycybersecurityclass.com



- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

If you like Certbot, please consider supporting our work by:

 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate

 * Donating to EFF:                    https://eff.org/donate-le

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

root@webserver01:/var/www/html#



  Include:
  
    The config snippet you changed (copy/paste)
    Before/after header output or screenshots proving the change
  

  

  
    Reminder: Only test the class lab targets and your own VM. No scanning random websites.