What is the importance of testing for the given vulnerability

Reference no: EM131680099

Assignment

Using the readings as a baseline, analyze, test and document the results for the tutoring web application found on the SDEV virtual machine. Use both manual means and automated tools (e.g., ZAP). The latter will enable you to discover more information than a cursory manual examination. Specific tests to be conducted include:

1. Testing for Reflected Cross site scripting (OTG-INPVAL-001)

- What is the importance of testing for this vulnerability?
- How many occurrences of the vulnerability did an automated scan discover?
- What is your recommendation to address any issues?
- Can you place a simple JavaScript alert (e.g., in DeleteSession.php)?

2. Testing for Stored Cross site scripting (OTG-INPVAL-002)

- What is the importance of testing for this vulnerability?

- What happens when you attempt to add a pop-up window (e.g., <script>alert(document.cookie)</script>) to the email input field on the "index.html" page?

- Can you introduce Stored Cross site scripting?
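The following is an added example (Python, not code from the tutoring application on the SDEV VM) of what tests 1 and 2 look for and of the fix the report should recommend: a reflected sink that echoes a query parameter unencoded, a stored sink that replays a submitted e-mail address to every later visitor, and the same two sinks after output encoding. The payload string, the greeting markup and the e-mail syntax check are all constructed for this example.

```python
import html
import re

# Constructed payload of the kind the assignment mentions; not taken from the VM.
XSS_PAYLOAD = "<script>alert(document.cookie)</script>"

# Deliberately simple syntax check used only to reject obviously non-email input
# (angle brackets, quotes, whitespace). Output encoding below is the real defence.
_EMAIL_RE = re.compile(r"^[^@\s<>\"']+@[^@\s<>\"']+\.[^@\s<>\"']+$")


def render_greeting_vulnerable(name: str) -> str:
    """Reflected XSS: a request parameter is echoed into the page unencoded."""
    return f"<p>Welcome, {name}</p>"


def render_greeting_fixed(name: str) -> str:
    """Encode for an HTML text context: < > & \" ' become entities."""
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


class CommentStore:
    """Stand-in for the table that keeps submitted e-mail addresses (hypothetical)."""

    def __init__(self) -> None:
        self.rows: list[str] = []

    def add(self, email: str) -> None:
        self.rows.append(email)

    def render_vulnerable(self) -> str:
        """Stored XSS: every later visitor receives the attacker's script."""
        return "<ul>" + "".join(f"<li>{e}</li>" for e in self.rows) + "</ul>"

    def render_fixed(self) -> str:
        """Same listing with each stored value encoded at output time."""
        return "<ul>" + "".join(
            f"<li>{html.escape(e, quote=True)}</li>" for e in self.rows
        ) + "</ul>"


def accept_email(store: CommentStore, email: str) -> bool:
    """Input-side validation: only store values that look like an address."""
    if not _EMAIL_RE.match(email):
        return False
    store.add(email)
    return True


def payload_survives(page: str, payload: str) -> bool:
    """Scanner-style check: does the injected marker come back with its tags intact?
    If only the encoded form is present, this sink is safe for this payload."""
    return payload in page
```

Manual testing is the same loop: submit the marker, then search the response (and, for stored XSS, a later page view) for the raw marker rather than for the alert box, since a browser with script blocked will show no pop-up even when the sink is vulnerable.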

3. Testing for SQL Injection (OTG-INPVAL-005)

- Did your manual and automated testing discover any SQL Injection vulnerabilities? If so, how many? (Note: There should be at least one occurrence.)
- Name two or more steps you can take, according to the reading, to resolve the issue.
- Fix and test at least one occurrence of the vulnerabilities, displaying your resulting source code and output results.
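As an added example (Python with an in-memory SQLite table; not the PHP source of the tutoring application), here is the shape of a "fix and test" write-up for test 3: a login query built by string concatenation, the parameterised replacement, the single-quote probe used in manual testing, and two classic bypass strings. The table, its rows and the credential values are constructed for the example; a real application would store password hashes, which is left out so the query construction stays the focus.

```python
import sqlite3
from typing import Callable


def make_demo_db() -> sqlite3.Connection:
    """Constructed user table standing in for the application's real one."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "battery staple")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list[str]:
    """String concatenation: user input becomes part of the SQL grammar."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> list[str]:
    """Parameterised query: input is bound as data and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def single_quote_breaks_query(
    conn: sqlite3.Connection, login: Callable[[sqlite3.Connection, str, str], list[str]]
) -> bool:
    """Manual probe: a stray quote that raises a database error shows the
    input reaches the SQL parser unescaped."""
    try:
        login(conn, "alice'", "x")
        return False
    except sqlite3.Error:
        return True
```

For the report, the "before" screenshot is the database error or the unexpected row list produced by `login_vulnerable`; the "after" screenshot is `login_fixed` returning an empty result for the same inputs. Parameterised statements are the first of the two remediation steps the assignment asks for; a least-privilege database account for the web application is the usual second.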

4. Testing for Code Injection (OTG-INPVAL-012)

- What is the importance of testing for this vulnerability?

- What are at least two measures you can take to remediate this issue?

- Can you input some simple html code or exploit Remote File Inclusion (RFI)?
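An added example for test 4 (Python; not the application's own page-loading code): a loader that opens whatever file name the request supplies, which is the pattern behind local and remote file inclusion in PHP's `include($_GET['page'])`, next to a loader that maps the request value through an allow-list, refuses anything carrying a URL scheme, and confirms the resolved path stays inside the template directory. The directory layout, the `home.html` template and the `secret.txt` file are created in a temporary directory for the example.

```python
import os
import tempfile
from urllib.parse import urlsplit


def setup_demo_tree() -> tuple[str, str]:
    """Constructed layout: <root>/templates/home.html and <root>/secret.txt."""
    root = tempfile.mkdtemp()
    template_dir = os.path.join(root, "templates")
    os.mkdir(template_dir)
    with open(os.path.join(template_dir, "home.html"), "w") as fh:
        fh.write("<h1>Home</h1>")
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as fh:
        fh.write("db_password=hunter2")  # constructed, stands in for a config file
    return template_dir, secret


def include_vulnerable(template_dir: str, page: str) -> str:
    """Analogue of include($_GET['page']): the request decides what is loaded.
    '../secret.txt' walks out of the template directory; with PHP's
    allow_url_include enabled the same line would fetch a remote URL."""
    with open(os.path.join(template_dir, page)) as fh:
        return fh.read()


# Hypothetical allow-list: request value -> file the server is willing to render.
ALLOWED_PAGES = {"home": "home.html"}


def include_fixed(template_dir: str, page: str) -> str:
    """Allow-list the page name, reject URLs, and keep the path inside the base."""
    if urlsplit(page).scheme:
        raise ValueError("remote includes are not allowed")
    filename = ALLOWED_PAGES.get(page)
    if filename is None:
        raise ValueError(f"unknown page: {page!r}")
    base = os.path.realpath(template_dir)
    target = os.path.realpath(os.path.join(base, filename))
    # Defence in depth: even an allow-listed entry must resolve under the base.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("resolved path escapes the template directory")
    with open(target) as fh:
        return fh.read()
```

The two remediation measures the question asks for map directly onto the fixed loader: never build an include path from request data (use an allow-list of known names), and disable remote includes at the interpreter level (`allow_url_include=Off` in PHP) so a bypass of the first control cannot pull code from another host.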

5. Test business logic data validation (OTG-BUSLOGIC-001)

- What are at least two examples of business logic errors? This could be from various input forms or areas you discovered in previous HW assignments.

- How can you mitigate against such errors?

6. Test integrity checks (OTG-BUSLOGIC-003)

- Do drop-down menus exist, and are they sufficient for the application? Why does the use of drop-down menus help mitigate this risk?

- Does your manual or automated scan reveal the use of password "AUTOCOMPLETE"? What issue, if any, does the use of AUTOCOMPLETE pose?

7. Test defenses against application misuse (OTG-BUSLOGIC-007)

- What is the importance of testing for this vulnerability?
- Can adding additional characters in input fields cause unexpected results? Verify for at least two instances.
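An added example covering tests 5, 6 and 7 together (Python; not the application's own code). The first function is server-side validation of a booking form: it re-checks a drop-down value against the same option set the page offers (a drop-down only constrains the browser, so a tampered request can send any value), enforces a business rule on the number of hours, and bounds the length and character set of a free-text field, which is the "additional characters" case of test 7. The second is a scanner-style check that walks a page and reports password inputs that do not carry autocomplete="off". The option set, limits, form values and HTML fragment are all constructed for the example.

```python
import re
from html.parser import HTMLParser

# Server-side copy of the drop-down's options (hypothetical values).
ALLOWED_SUBJECTS = {"math", "physics", "chemistry"}
MAX_NAME_LEN = 64
MAX_SESSION_HOURS = 4.0


def validate_booking(form: dict) -> list[str]:
    """Return a list of validation errors for a tutoring booking request."""
    errors: list[str] = []

    # Integrity check: the value must be one the drop-down actually offered.
    if form.get("subject", "") not in ALLOWED_SUBJECTS:
        errors.append("subject: not one of the offered options")

    # Misuse check: bound the length and reject control characters.
    name = form.get("name", "")
    if not 1 <= len(name) <= MAX_NAME_LEN:
        errors.append("name: length out of range")
    elif re.search(r"[\x00-\x1f\x7f]", name):
        errors.append("name: control characters not allowed")

    # Business rule: a session is a positive number of hours up to the maximum.
    try:
        hours = float(form.get("hours", ""))
    except ValueError:
        errors.append("hours: not a number")
    else:
        if not 0 < hours <= MAX_SESSION_HOURS:
            errors.append(f"hours: must be greater than 0 and at most {MAX_SESSION_HOURS:g}")

    return errors


class _PasswordFieldScanner(HTMLParser):
    """Collect password inputs whose autocomplete attribute is not 'off'."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").lower() != "password":
            return
        if a.get("autocomplete", "").lower() != "off":
            self.findings.append(a.get("name") or a.get("id") or "<unnamed>")


def password_fields_without_autocomplete_off(page: str) -> list[str]:
    """Names of password fields a scanner would flag for AUTOCOMPLETE."""
    scanner = _PasswordFieldScanner()
    scanner.feed(page)
    return scanner.findings


# Constructed login page: one field would be flagged, one would not.
SAMPLE_LOGIN_PAGE = """
<form method="post" action="login.php">
  <input type="text" name="user">
  <input type="password" name="pwd">
  <input type="password" name="pwd_confirm" autocomplete="off">
</form>
"""
```

Two caveats for the write-up: the validator must run on the server for every request, since the drop-down and any JavaScript checks are bypassed simply by editing the POST body; and current browsers ignore autocomplete="off" on login fields, so the finding is a low-severity hygiene item rather than a control that stops credential caching.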

General Guidelines

You should document the results for the tests, your comments, and recommendations for improved security for each security control tested in a Word or PDF document. The format of your document should be the format recommended in chapter 5 of the OWASP Testing Guide. Provide screen captures and descriptions of the tests conducted. Discuss any issues found and possible mitigations.

Note: Use the SDEV Virtual Machine you downloaded and used for SDEV 300. The VM runs on the latest version of Oracle VirtualBox. The directions to reinstall the Tutoring Web Application are included in the course resources, which also include any required passwords.
