Application Security Assessment Skill Check

I’m working through the application security assessment skill check. I’m able to complete the SCA no problem. However, I have a few questions regarding the DCA as the instructions don’t seem as clear as other assessments.

First, two machines boot up for the skill assessment, one named SCA , the second DCA. The instructions do not mention switching to the DCA machine, previous skill check assessments, such as data security, would tell you to open a certain machine before starting the next set of tasks.

Second, the URL for the getjuiced app doesn’t have a port number at end, as we saw in the practice labs. Just a wild card * after the second dot, like this HTTP://getjuiced.local.*
I’ve noticed that when trying to run the ZAP scan, I get this at least 100 URL’s found error in my spider. I’m not sure what is being expected, as after reviewing the labs, there is no other format other than HTTP://nameofapp.domain:portnumber.* and HTTP://nameofapp.domain:portnumber. I’ve tried with and without the wildcard, dot instead of colon, took a guess at the port number, and still I get that error in my spider.

Thank you for looking into this and for any suggestions.
This my last skill check and my path is complete.

I spent half my day messing with this assessment, I finally passed with 88%, got 5/6 of the flags in skills assessment portion, which I’d like to know specifically which one I missed.

Anyway, yes, when moving on to the DCA assignment, one must switch to the machine labeled DCA.

Second, the port number at the end of the URL is necessary. To check which port number, open the web browser, type in the URL for getjuiced.local, the port number will show up in one of the saved searches. Mine happened to be 3000.

I was able to set up and complete a full scan with out any errors.

Best wishes to anyone who is ready to attempt this assessment.