Perform security exploits on web applications and websites

Reference no: EM131051883, Length: 8

Advanced Topics in Digital Security

Objectives

- To apply skills and knowledge acquired throughout the trimester in exploiting web application security loopholes and the techniques to fix such loopholes.
- To demonstrate ability to use WebGoat to test security exploits on web applications and servers.
- To gain experience in documenting every application exploit that was tested.

Problem Statement

You are required to perform security exploits on web applications and websites. To complete this assignment, you need to select FOUR of the web application security topics from the lessons specified in the WebGoat J2EE web application package, including topics and tools that we have not covered but you may find interesting. You may choose to use WebGoat and any appropriate tools from the SIT704 CloudDeakin course website to complete this assignment. You can also use other non-commercial (free and open-source) tools (e.g. WebScarab, Wireshark, w3af, Metasploit) to help you complete this assignment. You are not allowed to use any commercial security-related or automated hacking products such as IBM Security AppScan for this assignment. To demonstrate your achievement of these goals, you must write a 2,000-word report.

Your report should consist of the following chapters:

1. A proper title which matches the contents of your report.

2. Your name and Deakin student number in the author line.

3. An executive summary which summarizes your findings.

(You may find hints on writing good executive summaries from https://unilearning.uow.edu.au/report/4bi1.html.)

4. An introduction chapter which lists the four vulnerabilities of your choice, the impact of these vulnerabilities, a brief summary of your findings, and the organization of the rest of your report.

5. A literature review chapter which surveys the latest academic papers regarding the four vulnerabilities of your choice. With respect to each vulnerability, you are advised to identify and include at least two papers published in ACM and IEEE journals or conference proceedings. Your review must not simply be a summary of each paper, but rather a deep analysis of the body of work reported in the set of papers. Your aim in this part of the report is to demonstrate deep and thorough understanding of the existing body of knowledge encompassing multiple vulnerabilities of modern web applications. (Please read through the hints on this web page before writing this chapter: https://www.uq.edu.au/student-services/learning/literature-review.)

6. A technical demonstration chapter which consists of fully explained screenshots taken while your tests were conducted. That is, you should explain how you identified your target web services or web applications, the information about the server(s), each step of the exploitation procedure, and the results. You must prove that your tests are original.

7. A conclusions chapter which summarizes major findings of the study and indicates future work which should be conducted in the area.

8. A bibliography list of all cited papers and other resources. You must use in-text citations in Harvard style, and each citation must correspond to a bibliography entry. There must be no bibliography entries that are not cited in the report. (You should know the contents of this page: https://www.deakin.edu.au/students/study-support/referencing/harvard.)


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd