updated readme with instructions

README.md

@@ -1,5 +1,66 @@
 # CSPJ Application
 
+## HOW TO TEST
+
+The IP address refers to the IP address that y'all configure for the VM.
+
+### 1. DVWA
+
+DVWA is listening on port `80`, so in the browser no need to enter port number.  
+Just navigate to the IP address.  
+![dvwa-no-modsecurity](assets/screenshot_130225_040803.png)
+
+### 2. ModSecurity DVWA
+
+ModSecurity is listening on port `3331`, it is a proxy for DVWA.  
+Go to `<ip>:3331` in the browser.  
+![dvwa-modsecurity](assets/screenshot_130225_040940.png)
+
+Go to the `Command Injection` tab.  
+![dvwa-command-injection](assets/screenshot_130225_041013.png)
+
+Enter in `127.0.0.1; ls`.  
+![dvwa-command-injection-2](assets/screenshot_130225_041113.png)
+
+If 401 Forbidden error is returned, ModSecurity is great success.  
+![dvwa-modsecurity-forbidden](assets/screenshot_130225_041144.png)
+
+### 3. Client + Backend Server + ML Model
+
+Start the `cspj-application` program, be it on Windows or Linux.  
+Backend server is listening on port `3333`.  
+At the top right of the program window, click on the red `Server disconnected` thingy.  
+Enter the IP address, and make sure port is set to `3333`.  
+Click connect, and it should turn green.  
+![client-server-url](assets/screenshot_130225_042054.png)
+
+Press the humongous blue `Setup/reset DB` button.  
+Should see that DB setup was carried out.  
+![client-db-setup](assets/screenshot_130225_042221.png)
+
+Go to the `Login` tab.  
+Enter:
+
+- Email: `asdf@gmail.com`
+- Password: `asdf`
+
+Press next, and should see `Login successful`.  
+![client-login-unsecure](assets/screenshot_130225_042610.png)
+
+Turn on the secure endpoint switch.  
+Enter:
+
+- Email: `asdf@gmail.com' OR 1=1; --`
+- Password: `randompasswordjakfl;dsjflkadsjlkf;sjkfl;dj;l`
+
+Press next again.  
+This time should fail.  
+![client-login-secure](assets/screenshot_130225_042859.png)
+
+Okay done.
+
+## Everything below can ignore
+
 ## Setup
 
 ### Requirements