What is the importance of testing for the given vulnerability

Assignment Help Computer Engineering
Reference no: EM131680099

Assignment

Using the readings as a baseline, analyze, test and document the results for the tutoring web application found on the SDEV virtual machine. Use both manual means and automated tools (e.g., ZAP). The latter will enable you to discover more information than a cursory manual examination. Specific tests to be conducted include:

1. Testing for Reflected Cross-Site Scripting (OTG-INPVAL-001)

- What is the importance of testing for this vulnerability?
- How many occurrences of the vulnerability did an automated scan discover?
- What is your recommendation to address any issues?
- Can you place a simple JavaScript alert (e.g., on DeleteSession.php)?

2. Testing for Stored Cross-Site Scripting (OTG-INPVAL-002)

- What is the importance of testing for this vulnerability?

- What happens when you attempt to add a pop-up window (e.g., <script>alert(document.cookie)</script>) to the email input field in "index.html"?

- Can you introduce Stored Cross site scripting?
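The same remediation applies to both the reflected test (item 1) and the stored test (item 2): validate input on the way in and HTML-encode it on the way out. The following is an added example, not code from the tutoring application; the email pattern and the profile template are assumptions standing in for the app's own form handling.

```python
import html
import re

# Constructed sample input: the payload quoted in the assignment, submitted in the email field.
STORED_EMAIL = "<script>alert(document.cookie)</script>"

# Assumed allow-list pattern for the email field (not the tutoring app's own rule).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def validate_email(value: str) -> bool:
    """Server-side allow-list check: reject anything that is not a plain address."""
    return bool(EMAIL_RE.fullmatch(value))


def render_profile_vulnerable(email: str) -> str:
    """Stored XSS: the saved value is placed in the page exactly as submitted."""
    return f"<p>Contact: {email}</p>"


def render_profile_fixed(email: str) -> str:
    """Output encoding: every HTML metacharacter is escaped, so the browser shows
    the text instead of interpreting it. quote=True also covers attribute values."""
    return f"<p>Contact: {html.escape(email, quote=True)}</p>"


if __name__ == "__main__":
    print(validate_email(STORED_EMAIL))             # rejected on the way in
    print(render_profile_vulnerable(STORED_EMAIL))  # script tag survives in the page
    print(render_profile_fixed(STORED_EMAIL))       # rendered as harmless text
```

For the reflected case the encoding step is identical: escape the request parameter before echoing it into the response, rather than trusting that the input filter caught everything.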

3. Testing for SQL Injection (OTG-INPVAL-005)

- Did your manual and automated testing discover any SQL Injection vulnerabilities? If so, how many? (Note: there should be at least one occurrence.)
- Name two or more steps you can take, according to the reading, to resolve the issue.
- Fix and test at least one occurrence of the vulnerabilities, displaying your resulting source code and output results.
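The fix the last bullet asks for is normally a move from string-built SQL to a parameterised query. The example below is added here and is not the tutoring application's code; it uses an in-memory SQLite table as a constructed stand-in for the app's database, with a regression check that shows the defect before the fix and its absence after.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed stand-in for the tutoring app's database (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tutors (id INTEGER PRIMARY KEY, username TEXT, subject TEXT)")
    conn.executemany("INSERT INTO tutors (username, subject) VALUES (?, ?)",
                     [("alice", "math"), ("bob", "physics"), ("carol", "chemistry")])
    return conn


def find_tutor_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The defect: user input is concatenated into the SQL text, so quote
    characters in the input change the structure of the query."""
    sql = "SELECT username, subject FROM tutors WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_tutor_fixed(conn: sqlite3.Connection, username: str) -> list:
    """Parameterised query: the driver passes the value separately from the
    SQL text, so the input is compared as data whatever it contains."""
    sql = "SELECT username, subject FROM tutors WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def tautology_regression(lookup) -> int:
    """Constructed check for the write-up: count rows returned for a value that
    only matches when it is parsed as SQL rather than compared as a string."""
    conn = build_db()
    return len(lookup(conn, "x' OR '1'='1"))


if __name__ == "__main__":
    print(tautology_regression(find_tutor_vulnerable))  # every row leaks
    print(tautology_regression(find_tutor_fixed))       # no row matches
    print(find_tutor_fixed(build_db(), "bob"))           # normal lookup still works
```

Keep the two result counts as the "output results" in the report: the same input returning every row before the change and none after is the evidence that the occurrence is fixed.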

4. Testing for Code Injection (OTG-INPVAL-012)

- What is the importance of testing for this vulnerability?

- What are at least two measures you can take to remediate this issue?

- Can you input some simple html code or exploit Remote File Inclusion (RFI)?

5. Test business logic data validation (OTG-BUSLOGIC-001)

- What are at least two examples of business logic errors? This could be from various input forms or areas you discovered in previous HW assignments.

- How can you mitigate against such errors?

6. Test integrity checks (OTG-BUSLOGIC-003)

- Do drop-down menus exist, and are they sufficient for the application? Why does the use of drop-down menus help mitigate this risk?

- Does your manual or automated scan reveal the use of password "AUTOCOMPLETE"? What issue, if any, does the use of AUTOCOMPLETE pose?
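A manual check for the AUTOCOMPLETE finding is easy to miss across many pages, so a small audit script is worth running over the saved HTML of each form. This is an added example, not part of the assignment or the tutoring application; the login form it parses is constructed sample markup.

```python
from html.parser import HTMLParser

# Constructed sample form standing in for a page saved from the tutoring application.
SAMPLE_HTML = """
<form action="login.php" method="post">
  <input type="text" name="user">
  <input type="password" name="pass">
  <input type="password" name="pass2" autocomplete="off">
  <input type="submit" value="Login">
</form>
"""


class PasswordFieldAuditor(HTMLParser):
    """Records every password input whose autocomplete is not explicitly disabled."""

    def __init__(self) -> None:
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k.lower(): (v or "").lower() for k, v in attrs}
        if a.get("type") != "password":
            return
        # Browsers treat a missing autocomplete attribute as "on".
        if a.get("autocomplete") != "off":
            self.findings.append(a.get("name", "<unnamed>"))


def audit_password_autocomplete(page_html: str) -> list:
    """Return the names of password fields a browser may offer to remember."""
    auditor = PasswordFieldAuditor()
    auditor.feed(page_html)
    return auditor.findings


if __name__ == "__main__":
    print(audit_password_autocomplete(SAMPLE_HTML))  # fields to report
```

Record each reported field name with a screen capture of the form; current browsers' password managers may disregard autocomplete="off", so present the attribute as one layer of the recommendation rather than a complete fix.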

7. Test defenses against application misuse (OTG-BUSLOGIC-007)

- What is the importance of testing for this vulnerability?
- Can adding additional characters in input fields cause unexpected results? Verify for at least two instances.

General Guidelines

You should document the results of the tests, your comments, and recommendations for improved security for each security control tested in a Word or PDF document. The format of your document should follow the one recommended in Chapter 5 of the OWASP Testing Guide. Provide screen captures and descriptions of the tests conducted. Discuss any issues found and possible mitigations.

Note: Use the SDEV Virtual Machine you downloaded and used for SDEV 300. The VM runs on the latest version of Oracle VirtualBox. The directions to reinstall the Tutoring Web Application are also included in the course resources, which also include any required passwords.

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd