Finding and fixing vulnerabilities

Reference no: EM13926577

Because modern applications are complex, it is not practical to find and fix vulnerabilities simply by inspecting the code. Instead, a wide variety of sources, ranging from the government and professional software developers to the hacker community, provide information about potential application vulnerabilities. That information is reported from all of those sources to automated bug-tracking services like Bugzilla, and it can be used to guide the application development and maintenance process.

Thus, the CISO has asked you to use Bugzilla to identify and guide the patching of the Firefox application for your company.

Go to Bugzilla and search for "injection." Sort the list by severity. Take a screenshot of your search.

Select one vulnerability of your choice from your result lists and write a 2- to 3-page paper in which you use the information provided for that vulnerability to analyze the specific problem and its causes. Then evaluate the recommended mitigations Bugzilla suggests. (Hint: you will find these by clicking on the ID number in the far left column.)

Your evaluation should address the following questions:

  • What are the severity and priority rankings for your chosen vulnerability?
  • What are the code-level concerns for the vulnerability?
  • What security issues will this vulnerability raise for the application?
  • What are the precise steps required to fix the vulnerability you selected?
  • How effective are the recommended mitigations for this vulnerability? (You may need to conduct some research to answer this question.)
  • What other mitigations would you recommend? Why?
  • Why should you, as a developer, and your organization be concerned about fixing this vulnerability?

Remember to include the screenshot of your Bugzilla search as an appendix to your paper.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd