Repair software vulnerabilities found in LAMP applications

Reference no: EM131772571

Assignment: LAMP ZAP Analysis and Mitigation

Overview

For this final lab you will use the tools and techniques used throughout the course to analyze two LAMP applications, mitigate their vulnerabilities, and document the results. The first application you will analyze is the e-Commerce application you wrote during week 7. The second is a prototype UMUC tutoring LAMP application, which you will need to install on your VM before you run the analysis, fix all vulnerabilities and document the results.

For both applications, you are expected to perform the scanning using ZAP, research the results, identify and fix software vulnerabilities, and professionally document your process and final results.

Learning Outcomes:

At the completion of the lab you should be able to:

1. Set up and run the UMUC tutor application on your VM

2. Conduct automated and manual analysis on two different LAMP applications

3. Identify, prioritize and repair software vulnerabilities found in the LAMP applications

4. Document the process and findings of your Web application security analysis

Lab Submission Requirements:

After completing this lab, you will submit a Word (or PDF) document that meets all of the requirements in the description at the end of this document. In addition, submit the modified LAMP applications, with their software vulnerabilities mitigated, and all associated files.

Virtual Machine Account Information

Your Virtual Machine has been preconfigured with all of the software you will need for this class. The default username and password are:

Username: umucsdev

Password: umuc$d8v

MySQL Username: sdev_owner

MySQL password: sdev300

MySQL database: sdev

Tutor Application user accounts:

Tutor1 username: tutor1

Tutor1 password: t123

Tutor2 username: tutor2

Tutor2 password: t234

Tutor3 username: tutor3

Tutor3 password: t345

Part 1 - Set Up and Run the UMUC tutor application on your VM

In this exercise you will create and populate the database tables for the LAMP application and install the PHP and associated files on your VM. The application is fully functional (but definitely not safe). You need to perform a few steps to make sure it is working properly on your VM.

1. From the Week 8 code examples, download the UMUCTutorLamp.zip file.

2. Move the file to your VM and unzip it using the right mouse click - extract to here option. Note: a folder named week8 will be provided that has two subfolders.

3. Create a folder named Week8 in your /var/www/html folder that will store the Tutor application.

4. Copy the contents from the Tutor folder to the /var/www/html/week8 location. Note: just copy the folders and files inside of the Tutor folder not the Tutor folder itself.

5. From the location where you unzipped your UMUCTutorLamp.zip file, open the SQL folder. Open the createTables.sql file.

6. Launch MySQL and use the sdev database. Important: make sure you use the sdev database so the tables are created in the correct area.

7. Carefully copy and paste the SQL lines into the mysql prompt. You can do this in batches. Look for any errors as you are running the scripts.

8. Verify your tables are correctly created and populated by querying the tables and verifying data exists in the tables where you inserted data.

9. Open your browser and launch the tutor app (localhost/week8/)

10. Click on "Create a new CSTutor account" to create a student account. Click Submit after you have entered your test account data.

11. Log in using the account information you just created and request two or three tutoring sessions using the form.

12. Log in as one of the tutors to see what students have sessions. (Use localhost/week8/tlogin.html) Note: tutor1 tutors CMIS102, tutor2 tutors CMIS141/242 and tutor3 tutors CMIS320. Be sure to log in as the tutor corresponding to the tutor sessions you created.

13. Click on "Show all my Sessions" to view all of the available sessions for this tutor.

14. Continue to experiment with the Tutor application to learn most of its functionality.

Lab submission details:

As part of the submission for this Lab, you will run manual and automatic attacks on your week7 lab submission and the UMUC Tutor app on your VM.

Be sure to work on each application separately and document the issues you found and the process you used to fix the applications. You can provide the findings in one well-organized document. You should work to eliminate all alerts in both applications and clearly document specifically what you did to mitigate each issue.

Create screen captures demonstrating your process and results. Each screen capture should be fully described. The document should be well-organized and include a table of contents, page numbers, figures, and table numbers. The writing style should be paragraph style with bullets used very sparingly to emphasize specific findings. In other words, this should be a professional report and demonstrate mastery of writing.

Be sure your process includes both manual and automatic scanning. When researching your security alerts, be sure to document your references using APA style. You should show vulnerability reports from both before and after your fixes. Your final vulnerability report should show zero alerts and vulnerabilities.
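An added example, not part of the original assignment: one way to diff the "before" and "after" ZAP scans and rank what is left by risk, assuming both reports were exported in ZAP's JSON layout (site, then alerts, then instances). The function names and the sample alerts are constructed for illustration and are not findings from either lab application.

```python
import json

RISK = {3: "High", 2: "Medium", 1: "Low", 0: "Informational"}

def load_report(path):
    """Read a report that was exported from ZAP in JSON form."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def alert_index(report):
    """Map (pluginid, uri, param) -> (riskcode, alert name) for every instance."""
    index = {}
    for site in report.get("site", []):
        for alert in site.get("alerts", []):
            risk = int(alert.get("riskcode", 0))
            name = alert.get("alert") or alert.get("name", "")
            for inst in alert.get("instances", []):
                key = (alert["pluginid"], inst.get("uri", ""), inst.get("param", ""))
                index[key] = (risk, name)
    return index

def compare(before, after):
    """Return (fixed, remaining, introduced); each list is highest risk first."""
    b, a = alert_index(before), alert_index(after)
    def rows(keys, src):
        found = [src[k] + k[1:] for k in keys]  # (risk, name, uri, param)
        return sorted(found, key=lambda r: (-r[0], r[1:]))
    return rows(b.keys() - a.keys(), b), rows(b.keys() & a.keys(), a), rows(a.keys() - b.keys(), a)

def _alert(pid, name, risk, *uris):
    return {"pluginid": pid, "alert": name, "riskcode": str(risk),
            "instances": [{"uri": u, "param": ""} for u in uris]}

def _report(*alerts):
    return {"site": [{"@name": "http://localhost", "alerts": list(alerts)}]}

# Constructed sample reports; NOT real findings from either lab application.
BASE = "http://localhost/week8/"
HDR = "X-Content-Type-Options Header Missing"
BEFORE = _report(_alert("40018", "SQL Injection", 3, BASE),
                 _alert("10021", HDR, 1, BASE, BASE + "tlogin.html"))
AFTER = _report(_alert("10021", HDR, 1, BASE + "tlogin.html"))

if __name__ == "__main__":
    fixed, remaining, introduced = compare(BEFORE, AFTER)
    for label, found in (("FIXED", fixed), ("REMAINING", remaining), ("NEW", introduced)):
        for risk, name, uri, param in found:
            print(f"{label:9} {RISK[risk]:13} {name} @ {uri} {param}".rstrip())
    print("zero-alert goal met" if not (remaining or introduced) else "alerts still open")
```

Keying on plugin id, URI and parameter means a fix on one page is not reported as complete while the same alert still fires on another page.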
