Explain how you can draw the application development

Assignment Help Programming Languages
Reference no: EM132983812

Secure Programming

Task: Based on the coursework to date and your own research answer ten questions below. Question 11 is an optional bonus question. Each question is worth 10 marks, but questions are not of equal difficulty. Some questions seek demonstration of tests on Webgoat. Other questions require examples of code and these should be sourced and referenced from on-line tutorials. Answers should be at least 300 words (excluding references). Include references where appropriate. References should be in the Harvard style. Marks will be awarded for analysis of the problem or issue, correctness of information provided and evidence of independent research.

Note: The questions are "open-ended" and I encourage you to explore the issues covered in each question. It is not enough just to provide a description, I am looking for evidence of critical thinking: analysis of issues, examples of your investigations, etc.

Question 1
In your role as a Security Consultant at InterCorp, your manager has asked you to brief the application development group on implementing Microsoft's Security Development Lifecycle. What are some of the benefits of undertaking such a program? How will it impact their existing Software development methodologies? Explain how you can draw the application development group's attention into the skill of threat modelling.

Question 2
As part of a secure code review of an ASP.Net web application you have discovered the following code for the login page:

1375_figure.jpg

var username = Request.Form["username"]; var password = Request.Form["password"];
var sqlString = "SELECT * FROM Users WHERE username ='" + username + "' AND password = HASHBYTES('SHA2_512', '" + password + "'+ salt)" ;
var connString = WebConfigurationManager.ConnectionStrings
["NorthwindConnectionString"].ConnectionString;

using (var conn = new SqlConnection(connString)) {
var command = new SqlCommand(sqlString, conn);
var dataReader = command.ExecuteReader(CommandBehavior.SingleResult);

if (dataReader.HasRows){
loggedIn = true;
}
dataReader.Close();
}

Identify the vulnerability and remediate the code using appropriate countermeasures. Document your findings and the remediation implemented.

Question 3

OWASP is an organisation that is focused on improving the security of software. In particular, they have concentrated on "Injection flaws". Explain what an Injection flaw is. Based on Webgoat, how would you test for an Injection flaw? Work through your test and include appropriate screen shots.

Question 4

In your role as an analyst for TMP Co you have been asked to review the following authentication routine for a customer's python web application. The application is expected to handle large numbers of users at peak times. Identify any issues with the code and evaluate potential fixes and the trade-offs they may require. Justify your choice of a fix and then document the code showing where and how to implement the fix.

import hashlib
def authenticate_user(username, password): #retrieve user details from database user = usermodel.details(username) password_hash = user.password

if hashlib.md5(password) == password_hash: return 'True'
else:
return 'False'

Question 5
In your role as a Security Consultant at InterCorp, your manager has asked you to brief the application development group on implementing Microsoft's Security Development Lifecycle. What are some of the benefits of undertaking such a program? How will it impact their existing Software development methodologies? Explain how you can draw the application development group's attention into the skill of threat modelling.

Question 6
During an application pen-test you noticed that the application is providing a large amount of information back to the user under error conditions. Explain the security issues this may present. Describe and analyse the correct methodology for handling errors, and recording diagnostic information. What else might this information be useful for?

Question 7
When logging on to your account on a company's website you see the following message:
What may this be indicative of? Explain why this is not valid and describe a more robust approach.
N.B. There may be multiple causes for this; credit will be awarded for identifying at least 2 issues.

Question 8
You have been asked by your manager to investigate the advantages and disadvantages of encryption using GPU chips. As part of your investigation highlight recent advances in encryption acceleration using NVIDIA's CUDA technology. What API's are available and what are their advantages and limitations? Highlight security issues. Your investigation must be supported by references and ideally some coding examples (e.g., from on-line tutorials).

Question 9

You have decided to discuss a possible security flaw in your organisation's new software which will soon be released to production. You decide to talk at next team meeting and ask the team to make sure users cannot enter HTML code as input into the application. You need to cover the following points: What is this type of security flaw? How would you mitigate it? Prepare an example using the MS Threat Analysis tool and give an example of a use case. Since you will be addressing a development team, some example mitigation code examples (from on-line tutorials) would be desirable.

Question 10
In Threat Analysis, what is a "trust boundary"? Your goal is to improve security by fortifying the trust boundaries of your organisation's web site. What recommendation would you make to your manager? Include explanations of advantages and issues. Illustrate your recommendation using MS Threat Analysis tool.

Question 11
Your manager has instructed you to write a review for the development team on using MS Attack Surface Analyser. You must define what makes up the attack surface of an application. Your explanation should be supported by examples, references to tutorials and for completeness, screenshots of your use of the attack surface software.

Attachment:- Secure Programming Assignment.rar

Reference no: EM132983812

Questions Cloud

How much in excess reserves does each bank? have : If National Bank of Guerneville has? $4 million in reserves and Commonwealth has? $5 million in? reserves, how much in excess reserves does each bank? have?
Employee perceptions of talent management effectiveness : -Are the ideas relevant or applicable to your workplace? The Philippine situation? Why/Why not?
Develop an appropriate discount rate for midland energy : Develop an appropriate discount rate for Midland Energy Resources. Identify all variables included in your calculation and describe your assumptions in detail.
What is the variable cost per copy : GEM made 5,000 copies and paid a total of $600 in January. In April, they paid $400 for 3,000 copies. What is the variable cost per copy
Explain how you can draw the application development : Explain how you can draw the application development group's attention into the skill of threat modelling - Identify the vulnerability and remediate
Discourage employees to develop professional skills : Explain an organization you worked for that emphasized or deemphasized career development. How did the organization encourage or discourage employees to develop
What price would a second investor pay the first investor : Assuming the market rate is still 10%, what price would a second investor pay the first investor on June 30, 2023, for $10,000 of the bonds?
What is internal recruiting of job candidates : What is internal recruiting of job candidates most directly connected to? It is organizational structure, campus recruiting, a realistic job preview, or scenari
What is the amount of change in sister capital account : Two years after the profit and loss ratios are changed, the land is sold for P2,000,000. What is the amount of change in Sister's capital account

Reviews

Write a Review

Programming Languages Questions & Answers

  Write a haskell program to calculates a balanced partition

Write a program in Haskell which calculates a balanced partition of N items where each item has a value between 0 and K such that the difference b/w the sum of the values of first partition,

  Create an application to run in the amazon ec2 service

In this project you will create an application to run in the Amazon EC2 service and you will also create a client that can run on local machine and access your application.

  Explain the process to develop a web page locally

Explain the process to develop a Web page locally

  Write functions

These 14 questions covers java class, Array, link list , generic class.

  Programming assignment

If the user wants to read the input from a file, then the output will also go into a different file . If the user wants to read the input interactively, then the output will go to the screen .

  Write a prolog program using swi proglog

Write a Prolog program using swi proglog

  Create a custom application using eclipse

Create a custom Application Using Eclipse Android Development

  Create a application using the mvc architecture

create a application using the MVC architecture. No scripting elements are allowed in JSP pages.

  Develops bespoke solutions for the rubber industry

Develops bespoke solutions for the rubber industry

  Design a program that models the worms behavior

Design a program that models the worm's behavior.

  Writing a class

Build a class for a type called Fraction

  Design a program that assigns seats on an airplane

Write a program that allows an instructor to keep a grade book and also design and implement a program that assigns seats on an airplane.

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd