What is the importance of testing for this vulnerability

Reference no: EM131675421

Using the readings from weeks 7 and 8 as a baseline, analyze, test and document the results for the tutoring web application found on the SDEV virtual machine. 

Use both manual means and automated tools (e.g., ZAP). The latter will enable you to discover more information than a cursory manual examination.

Specific tests to be conducted include:

1. Testing for Reflected Cross-Site Scripting (OTG-INPVAL-001)

What is the importance of testing for this vulnerability?

How many occurrences of the vulnerability did an automated scan discover?

What is your recommendation to address any issues?

Can you trigger a simple JavaScript alert through one of the application's pages (e.g., DeleteSession.php)?

2. Testing for Stored Cross-Site Scripting (OTG-INPVAL-002)

What is the importance of testing for this vulnerability?

What happens when you attempt to add a pop-up window (e.g., <script>alert(document.cookie)</script>) in the email input field on the "index.html" page?

Can you introduce Stored Cross-Site Scripting?
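The manual check behind tests 1 and 2 is the same in both cases: submit a unique payload and look for it coming back in the HTML with its angle brackets intact. The script below is an added example, not code from the SDEV tutoring application; the two page handlers are constructed stand-ins for a page that echoes a query parameter (reflected) and a registration form whose email address is displayed later on another page (stored). The fix shown is output encoding with html.escape, which is what a PHP page would do with htmlspecialchars().

```python
"""Reflected and stored XSS probe against a toy model of a tutoring web app.

Added example; the handlers below are constructed, not the real application.
"""
import html
import secrets
from typing import Callable, Optional

# Stand-in for the application's database (constructed, in-memory).
_contacts = []


def render_error_page(params: dict, escape: bool) -> str:
    """Reflected case: the page writes the `msg` query parameter into its HTML."""
    msg = params.get("msg", "")
    if escape:
        msg = html.escape(msg, quote=True)   # the remediation: encode on output
    return f"<html><body><p>Error: {msg}</p></body></html>"


def store_email(email: str) -> None:
    """Stored case: the registration form persists the address unchanged."""
    _contacts.append(email)


def render_contact_list(escape: bool) -> str:
    """The page that later displays every stored address."""
    rows = (html.escape(e, quote=True) if escape else e for e in _contacts)
    return "<ul>" + "".join(f"<li>{r}</li>" for r in rows) + "</ul>"


def xss_probe(render: Callable[[str], str], canary: Optional[str] = None) -> bool:
    """Return True if the payload is reflected unencoded.

    `render` takes the payload string and returns the HTML the application
    produced for it. A random canary makes the match unambiguous even when the
    page already contains <script> tags of its own.
    """
    canary = canary or secrets.token_hex(4)
    payload = f"<script>alert('{canary}')</script>"
    body = render(payload)
    return payload in body   # '<' and '>' survived unencoded: injectable


def run_checks() -> dict:
    """Probe the vulnerable and fixed variant of each page; True means vulnerable."""
    results = {}
    results["reflected_vulnerable"] = xss_probe(
        lambda p: render_error_page({"msg": p}, escape=False))
    results["reflected_fixed"] = xss_probe(
        lambda p: render_error_page({"msg": p}, escape=True))

    def stored(payload: str, escape: bool) -> str:
        # Payload enters through one form and is rendered on a different page.
        _contacts.clear()
        store_email(payload)
        return render_contact_list(escape=escape)

    results["stored_vulnerable"] = xss_probe(lambda p: stored(p, False))
    results["stored_fixed"] = xss_probe(lambda p: stored(p, True))
    return results


if __name__ == "__main__":
    for name, vulnerable in run_checks().items():
        print(f"{name:22s} {'VULNERABLE' if vulnerable else 'ok'}")
```

When this check is run against a live target, `render` would be a function that issues the HTTP request (ZAP's active scan does the same thing with a larger payload list); the point that matters for the report is whether the encoded form `&lt;script&gt;` or the raw `<script>` comes back.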

3. Testing for SQL Injection (OTG-INPVAL-005)

Did your manual and automated testing discover any SQL Injection vulnerabilities? If so, how many? (Note: there should be at least one occurrence.)

Name two or more steps you can take according to the reading to resolve the issue.

Fix and test at least one occurrence of the vulnerabilities - displaying your resulting source code and output results.
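As an illustration of what the "fix and test" deliverable looks like, here is an added example (not the tutoring application's source) of one login query written the vulnerable way and the fixed way, run against an in-memory SQLite table constructed for the purpose. The vulnerable function builds the statement by string formatting, which is how the finding usually looks in PHP code that concatenates $_POST values into a query; the fixed function uses a parameterised query, the first of the remediation steps the reading recommends. The second step, running the application under a least-privilege database account, is a deployment setting and is not shown.

```python
"""SQL injection: a login check before and after the fix (added example)."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed users table; a real application stores a password hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Attacker-controlled text becomes part of the SQL grammar."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Placeholders: the driver sends values separately; they can never become SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Classic tautology payload entered in the password field during the manual test.
INJECTION = "' OR '1'='1"


def run_login_tests() -> dict:
    """Same four requests against both versions; True means the login succeeded."""
    conn = make_db()
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_injected": login_vulnerable(conn, "alice", INJECTION),
        "fixed_valid": login_fixed(conn, "alice", "s3cret"),
        "fixed_injected": login_fixed(conn, "alice", INJECTION),
    }


if __name__ == "__main__":
    for name, ok in run_login_tests().items():
        print(f"{name:15s} login {'succeeded' if ok else 'failed'}")
```

With the vulnerable version the injected password turns the WHERE clause into `username = 'alice' AND password = '' OR '1'='1'`, which is always true; with placeholders the same text is compared literally as a password and the login fails, which is the before/after output the assignment asks you to capture.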

4. Testing for Code Injection (OTG-INPVAL-012)

What is the importance of testing for this vulnerability?

What are at least two measures you can take to remediate this issue?

Can you input some simple HTML code or exploit Remote File Inclusion (RFI)?
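Remote File Inclusion arises when a request parameter is used directly as the file to include, as in the PHP idiom include($_GET['page'] . '.php'). The following added example (not code from the tutoring application) models that idiom in Python next to the standard remediation, an allowlist that maps the parameter to a known file so the user's value is never used as a path or URL itself. WEBROOT and ALLOWED_PAGES are constructed for the example.

```python
"""Resolving a `page` parameter to a file: the RFI/LFI-prone way and the fixed way.

Added example; WEBROOT and ALLOWED_PAGES are constructed, not the real app's.
"""
import os
from typing import Optional
from urllib.parse import urlparse

WEBROOT = os.path.realpath("/var/www/tutoring")   # constructed web root
ALLOWED_PAGES = {"home": "home.php", "tutors": "tutors.php", "contact": "contact.php"}


def resolve_vulnerable(page: str) -> str:
    """Equivalent of include($_GET['page'] . '.php'): the parameter is trusted.

    With allow_url_include enabled an http:// value fetches and runs remote
    code (the attacker appends '?' so the '.php' suffix lands in the query
    string); with it disabled, '../' sequences still read local files.
    """
    return page + ".php"


def resolve_fixed(page: str) -> Optional[str]:
    """Return the absolute path of an allowlisted page, or None to refuse."""
    target = ALLOWED_PAGES.get(page)
    if target is None:
        return None
    path = os.path.realpath(os.path.join(WEBROOT, target))
    # Defence in depth: even a mapped entry must resolve under the web root.
    if os.path.commonpath([path, WEBROOT]) != WEBROOT:
        return None
    return path


def classify_input(page: str) -> str:
    """Label a tester's value for the report: remote include, traversal, or plain."""
    scheme = urlparse(page).scheme.lower()
    if scheme in {"http", "https", "ftp", "data", "php"}:
        return "remote include attempt"
    if ".." in page.replace("\\", "/").split("/") or "\x00" in page:
        return "local file inclusion / traversal attempt"
    return "plain"


if __name__ == "__main__":
    for value in ("home", "http://attacker.example/shell.txt", "../../../../etc/passwd"):
        print(f"{value!r:40s} {classify_input(value):38s} "
              f"fixed -> {resolve_fixed(value)}")
```

The allowlist is the second remediation the question asks for alongside disabling allow_url_include in php.ini; rejecting by pattern (blocking "http://" or "../") is weaker, because wrapper schemes such as php:// and encoding tricks keep appearing, which is why classify_input is only used here to describe the input, never to decide whether to include it.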

5. Test business logic data validation (OTG-BUSLOGIC-001)

What are at least two examples of business logic errors? This could be from various input forms or areas you discovered in previous HW assignments.

How can you mitigate against such errors?

6. Test integrity checks (OTG-BUSLOGIC-003)

Do drop-down menus exist, and are they sufficient for the application? Why does the use of drop-down menus help mitigate this risk?

Does your manual or automated scan reveal the use of password AUTOCOMPLETE? What issue, if any, does the use of AUTOCOMPLETE pose?

7. Test defenses against application misuse (OTG-BUSLOGIC-007)

What is the importance of testing for this vulnerability?

Can adding additional characters in input fields cause unexpected results? Verify for at least two instances.
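Tests 5, 6 and 7 come down to one practitioner's point: a drop-down, a maxlength attribute or any other browser-side control only shapes what honest users send, and a tester rewrites the request in ZAP's request editor with any value at all. The example below is added here and is not code from the tutoring application; the booking form, its subject list and its limits are assumptions for illustration. It re-checks every field on the server against the rules the business logic depends on, covering the drop-down integrity check (6), two business-logic rules (5) and the oversized-input misuse test (7).

```python
"""Server-side validation for a hypothetical tutoring-session booking form.

Added example; field names, SUBJECTS and the limits are assumptions.
"""
from datetime import datetime, timedelta

SUBJECTS = {"math", "physics", "writing"}   # the drop-down's option values
MAX_FIELD_LEN = 200                          # guards the "extra characters" test
MIN_DURATION = timedelta(minutes=30)
MAX_DURATION = timedelta(hours=3)


def validate_booking(form: dict, now: datetime) -> list:
    """Return a list of error strings; an empty list means the booking is accepted."""
    errors = []

    # Misuse (7): oversized or wrongly typed values in any field, drop-down included.
    for key, value in form.items():
        if not isinstance(value, str) or len(value) > MAX_FIELD_LEN:
            errors.append(f"{key}: too long or wrong type")

    # Integrity (6): the drop-down value must still be one the server offers.
    if form.get("subject") not in SUBJECTS:
        errors.append("subject: not an offered subject")

    # Business logic (5a): times must parse, lie in the future, and be ordered.
    try:
        start = datetime.fromisoformat(str(form.get("start", "")))
        end = datetime.fromisoformat(str(form.get("end", "")))
    except (TypeError, ValueError):
        errors.append("start/end: not ISO-8601 timestamps")
        return errors
    if start <= now:
        errors.append("start: in the past")
    if end <= start:
        errors.append("end: must be after start")
    elif not MIN_DURATION <= end - start <= MAX_DURATION:
        errors.append("duration: outside 30 minutes to 3 hours")

    # Business logic (5b): the price is computed server-side, never taken from the client.
    if "price" in form:
        errors.append("price: client-supplied price rejected")

    return errors


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 9, 0)
    honest = {"subject": "math", "start": "2024-01-02T10:00", "end": "2024-01-02T11:00"}
    tampered = dict(honest, subject="admin-panel", end="2024-01-02T09:00", price="0")
    print("honest  :", validate_booking(honest, now) or "accepted")
    print("tampered:", validate_booking(tampered, now))
```

A finding for test 6 is then stated precisely: the drop-down improves usability and reduces accidental bad input, but the control that actually mitigates the risk is the server-side membership check, and it is that check the tester tries to bypass.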

General Guidelines

You should document the results of the tests, your comments, and recommendations for improved security for each security control tested in a Word or PDF document.

The format of your document should be the format recommended in chapter 5 of the OWASP Testing Guide. Provide screen captures and descriptions of the tests conducted. Discuss any issues found and possible mitigations.

Deliverables:

You should submit your document by the due date. Your document should be well-organized, use the OWASP recommended reporting format, include all references used and contain minimal spelling and grammar errors.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd