- In OWASP Broken Web Applications Project, use either the  
	- OWASP Mutillidae II  
	- or DVWA  
- Demonstrate you can obtain a shell with the following  
	- An LFI vulnerability in the web application with file upload;  
	- An LFI vulnerability in the web application with contaminated logs; and  
	- An RFI vulnerability in the web application.  
- Demonstrate attacks using SQL injection and Cross Site Scripting  
- Provide documentation and proof of useful attacks in your report