Assignment on software vulnerability

Reference no: EM13861750

Assignment on Software Vulnerability

Software vulnerabilities, especially vulnerabilities in code, are a major security problem today. Not all bugs or flaws in software become security vulnerabilities, but some of them do. An attacker can exploit these vulnerabilities to cause major disruption to a business.

An exploit can result in a variety of damage, including crashing a system, taking on the role of a superuser, deleting information from a file or deleting an entire file, changing critical content in a database or a file, stealing valuable proprietary information, planting malware, or turning a system into a bot used to launch attacks on other systems.

Common software code vulnerabilities include:

- Buffer overflow
- Logic error or logic bombs
- Race conditions
- Format string vulnerability
- Cross-site scripting
- Cross-site request forgery
- SQL and other command injection
- Memory leak
- Incomplete mediation
- Integer overflow, underflow, and sign conversion errors
- Insufficient data validation

The name of a vulnerability and the name of the attack that exploits it are often the same.

For example, the attack that exploits the buffer overflow vulnerability is known as the buffer overflow attack. Similarly, a race-condition attack leverages a race condition vulnerability.

Attackers can, and have, exploited more than one vulnerability in the same attack to cause more damage than would be possible with a single vulnerability.

Two organizations focus on improving software security and thus track the various vulnerabilities on a continual basis.

They are (1) the Common Weakness Enumeration (CWE) by SANS/Mitre (see https://cwe.mitre.org/index.html), and (2) the Open Web Application Security Project (OWASP) (see https://www.owasp.org/index.php/About_OWASP).

I am attaching two documents here, the CWE Top 25 and the OWASP Top 10. Please note that the vulnerabilities, or the types of vulnerabilities, are not the same in these two lists.

This is because OWASP focuses only on web applications. The two lists are also not exactly the same as the bulleted list above. They do, however, overlap.

In this exercise, you will investigate two vulnerabilities of your choice from these two lists or any other reputable source. For each of the two vulnerabilities you have chosen, you will explain the vulnerability including where it occurs (e.g., C language, database, web browser, etc.), and an example attack that exploited it.

You will also describe how the vulnerability can be minimized, prevented or mitigated. All of the description should be in your own words. You may use code excerpts to illustrate the vulnerability or to show how to remove the flaw that is the source of the vulnerability. Your report should be no more than two pages long (double-spaced) for each vulnerability.
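As an added illustration of the kind of code excerpt described above (this is not part of the original assignment), the C snippet below pairs a flawed length check of the sign-conversion/buffer-overflow type from the list with a hardened parser that removes the flaw; the record format, the names and the sample records are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#include <stdbool.h>

/* Constructed record format: a 4-byte big-endian length followed by that
 * many payload bytes, copied into a fixed 64-byte destination. */
#define PAYLOAD_MAX 64

/* Length check as a flawed program might write it (sign conversion, as in
 * the integer/sign-conversion and buffer overflow entries of the list):
 * len is a signed int and PAYLOAD_MAX is an int literal, so the comparison
 * is signed and a negative length passes. A later memcpy(out, src, len)
 * would convert len to a huge size_t and overrun the buffer. Only the check
 * is modelled here; the unsafe copy is never executed. */
static bool flawed_length_ok(int len)
{
    return !(len > PAYLOAD_MAX);
}

/* Hardened parser: decode the length as unsigned, bound it against the
 * destination size and against the bytes actually present, then copy.
 * Returns the number of payload bytes copied, or -1 when rejected. */
static int parse_record(const uint8_t *msg, size_t msg_len,
                        uint8_t out[PAYLOAD_MAX])
{
    if (msg_len < 4)
        return -1;
    uint32_t len = ((uint32_t)msg[0] << 24) | ((uint32_t)msg[1] << 16) |
                   ((uint32_t)msg[2] << 8)  |  (uint32_t)msg[3];
    if (len > PAYLOAD_MAX || len > msg_len - 4)
        return -1;   /* oversized or truncated record: reject, do not copy */
    memcpy(out, msg + 4, len);
    return (int)len;
}

/* Constructed sample records used below. */
static const uint8_t good_rec[] = {0, 0, 0, 3, 'a', 'b', 'c'};
static const uint8_t neg_len_rec[] = {0xff, 0xff, 0xff, 0xff, 'x'}; /* -1 as int */
static const uint8_t short_rec[] = {0, 0, 0, 10, 'a', 'b'};         /* claims 10, carries 2 */

int main(void)
{
    uint8_t out[PAYLOAD_MAX];
    int n  = parse_record(good_rec, sizeof good_rec, out);
    int r1 = parse_record(neg_len_rec, sizeof neg_len_rec, out);
    int r2 = parse_record(short_rec, sizeof short_rec, out);
    /* flawed check wrongly accepts -1; hardened parser rejects both bad records */
    return (flawed_length_ok(-1) && n == 3 && r1 == -1 && r2 == -1) ? 0 : 1;
}
```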

You need to consult at least two references for each vulnerability. If you have a good C/C++ programming background, you may want to explore the following site: https://www.cis.syr.edu/~wedu/seed/labs.html (see the Software Security and Web Security Labs).

It offers an in-depth technical description, and in many cases a video classroom presentation, of many of these vulnerabilities, covering how to exploit them and how to mitigate them in a lab setting.

Feel free to try one or more of these laboratory exercises using the Ubuntu VM you can download from the site, but you are on your own.

I would certainly like to hear about your experience if you have actually tried one or more of these lab exercises.
