What are at least two examples of business logic errors

Reference no: EM131680455

Using the readings from weeks 7 and 8 as a baseline, analyze, test and document the results for the tutoring web application found on the SDEV virtual machine, both manually and with automated scanning tools; the latter will reveal more than a cursory manual examination. Specific tests to be conducted include:

1. Testing for Reflected Cross-Site Scripting (OTG-INPVAL-001)

What is the importance of testing for this vulnerability?

How many occurrences of the vulnerability did an automated scan discover?

What is your recommendation to address any issues?

Can you place a simple JavaScript alert (e.g., in DeleteSession.php)?

2. Testing for Stored Cross-Site Scripting (OTG-INPVAL-002)

What is the importance of testing for this vulnerability?

What happens when you attempt to add a pop-up window (e.g., <script>alert(document.cookie)</script>) to the email input field on the "index.html" page?

Can you introduce Stored Cross-Site Scripting?

3. Testing for SQL Injection (OTG-INPVAL-005)

Did your manual and automated testing discover any SQL Injection vulnerabilities - if so, how many? (Note: There should be at least one occurrence).

Name two or more steps you can take according to the reading to resolve the issue.

Fix and test at least one occurrence of the vulnerability, showing your resulting source code and output.

4. Testing for Code Injection (OTG-INPVAL-012)

What is the importance of testing for this vulnerability?

What are at least two measures you can take to remediate this issue?

Can you input some simple HTML code or exploit Remote File Inclusion (RFI)?

5. Test business logic data validation (OTG-BUSLOGIC-001)

What are at least two examples of business logic errors? This could be from various input forms or areas you discovered in previous HW assignments.

How can you mitigate against such errors?

6. Test integrity checks (OTG-BUSLOGIC-003)

Do drop-down menus exist, and are they sufficient for the application? Why does the use of drop-down menus help mitigate this risk?

Does your manual or automated scan reveal the use of password "AUTOCOMPLETE"? What issue, if any, does the use of AUTOCOMPLETE pose?

7. Test defenses against application misuse (OTG-BUSLOGIC-007)

What is the importance of testing for this vulnerability?

Can adding extra characters to input fields cause unexpected results? Verify this for at least two instances.

General Guidelines

You should document the results of the tests, your comments, and your recommendations for improved security for each security control tested, in a Word or PDF document.

The format of your document should be the format that is recommended in chapter 5 of the OWASP testing guide. Provide screen captures and descriptions of your tests conducted. Discuss any issues found and possible mitigations.

Deliverables:

You should submit your document by the due date. Your document should be well organized, use the OWASP recommended reporting format, include all references used, and contain minimal spelling and grammar errors.



All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd