Security Audit and Penetration Testing Instructions

Perform comprehensive security testing of the KMP application using both static code analysis and dynamic terminal-based testing.

Application Context

• Stack: CakePHP 5.x backend, Stimulus.js frontend, MySQL database
• Application URL: http://localhost:8080
• Test Password: TestPassword (for all dev users)
• App Directory: /workspaces/KMP/app
• Reports Directory: /workspaces/KMP/security-reports

Test User Credentials for Authorization Testing

• admin@amp.ansteorra.org - Super admin (full access)
• iris@ampdemo.com - Basic user (minimal permissions)
• bryce@ampdemo.com - Local Seneschal (moderate permissions)
• eirik@ampdemo.com - Kingdom Seneschal (elevated permissions)