Identify any SQL injection flaws in the application

Reference no: EM132146808

Assignment Lab - Statement of Work

Client: Liberty Vacation Planning Inc. (LVP)

Project: Website Assessment

1. Project Objectives

With this statement of work, LVP is engaging you to conduct a website assessment to determine whether our new online Vacation Destinations application was developed following current Web application best practices. Specifically, the assessment should identify any security flaws in the code for the search function and the Check Availability page. The objectives of this assessment are as follows:

  • Identify any cross site scripting (XSS) flaws in the application using Skipfish or a manual source code review.
  • Identify any SQL injection flaws in the application by conducting a source code review.
  • Verify that the SQL injection flaws will cause a MySQL database error message to occur in the live application.

Note: The objective of this Statement of Work is to identify (not exploit) the vulnerabilities.

2. Project scope

The scope of the website assessment project is as follows:

  • The Vacation Destinations application hosted on our internal Kali Linux web server.
  • The Vacation Destinations code (Source_Code_Review.txt) located on the desktop of the provided Kali machine.

Note: Any items not listed here are considered out of scope for this project; the addition of out of scope items to the project scope will not be made without prior approval and authorization from LVP and will be handled through change requests or as separate SOWs.

3. Project deliverables

The deliverable(s) for this project are as follows:

a. Proof of XSS vulnerability

This proof will be provided in the following manner:

  • A screenshot of either a Skipfish report showing an XSS condition, or of a JavaScript pop-up window caused by a web request with an XSS payload.

b. Proof of SQL injection in the code

This proof will be provided in the following manner:

  • A screenshot of the source code reviewed with the vulnerable HTTP parameter and SQL query parameter highlighted or circled.
  • A brief paragraph describing why the source code is vulnerable and how it could be misused.

c. Proof of SQL injection in the application

This proof will be provided in the following manner:

  • A screenshot showing a database error message, which proves a SQL injection condition.

LAB WEBSITE ASSESSMENT INSTRUCTIONS

1. Use the lab virtual environment for this assignment where specific instructions for tasks and deliverables are located. After completing the lab, write a lab report that includes all of the required deliverables, screenshots of each operation, and any additional information you gathered.

2. You are also required to include at least one page of written content with a minimum of 2 referenced citations that discusses your findings from each of the lab operations. This can include reasons why the findings are important, actions the organization can take to solve any discovered problems, and any other pertinent information you discovered. This content can be included anywhere in your lab report as long as you meet the one-page requirement.

3. Your report must also include Biblical integration that relates a Bible verse, passage, or concept to the assignment. This will count as one of your required citations.

Note - Need to complete virtual lab. Can you do it using team viewer?


Reviews

inf2146808

11/22/2018 1:29:20 AM

I need this assignment before 6 P.M. I have not received my paid assignment back. Oh sorry, did not check your message below, thanks for the solution. I cannot open the document. I do not have a zip. Please send it in Microsoft Word format. Thanks for your quick support and sending unzipped files on my mail id, now I accessed and checked everything, it's perfect work, thanks.

len2146808

10/22/2018 2:50:59 AM

I need to complete virtual lab. Can you do it using team viewer? Use the lab virtual environment for this assignment where specific instructions for tasks and deliverables are located. After completing the lab, write a lab report that includes all of the required deliverables, screen shots of each operation, and any additional information you gathered. You are also required to include at least one page of written content with a minimum of 2 referenced citations that discusses your findings from each of the lab operations. This can include reasons why the findings are important, actions the organization can take to solve any discovered problems, and any other pertinent information you discovered. This content can be included anywhere in your lab report as long as you meet the one page requirement.

len2146808

10/22/2018 2:50:52 AM

Your report must also include Biblical integration that relates a Bible verse, passage, or concept to the assignment. This will count as one of your required citations. APA style references must be included for each citation used. Extra credit sections are not required but, if you complete them, earned points will be used to offset missed sections in the other parts of the lab. You can use any tools available to you on the lab system to gather information, but keep the focus on data collection and do not attempt to break into the system. Submit this assignment by 11:59 p.m. (ET) on Sunday of Module/Week 1.

len2146808

10/22/2018 2:50:45 AM

  • Source Code Analysis - The submission showed analysis of web application source code using Skipfish to identify and describe vulnerabilities and insecure coding tactics.
  • Cross Site Scripting - The submission examined and described a cross site scripting (XSS) flaw in a web application using automated tools or manual methods.
  • SQL Syntax - The submission evaluated unsafe SQL query syntax in source code and assessed the situation.
  • SQL Injection - The submission examined an SQL vulnerability by performing a simple SQL injection attack and describing the attack methodology.
  • Biblical Integration - A biblical world view, supported by scripture, was integrated into assignment.
  • Formatting and Grammar - The submission adheres to APA formatting, and practices good spelling and grammar.
  • Report Length and Results - The submission describes results for each lab requirement, and adheres to a minimum number of 2 pages and 2 references.
