Explain what the importance of testing for the vulnerability is

Assignment Help Computer Engineering
Reference no: EM131765181

Assignment: Input Validation and Business Logic Security Controls

Overview:

This homework will demonstrate your knowledge of testing security controls aligned with input validation and business logic. You will also use the recommended OWASP Testing Guide reporting format to report your test findings.

Task

Using the readings as a baseline, analyze, test and document the results for the tutoring web application found on the SDEV virtual machine. Use both manual means and automated tools (e.g., ZAP). The latter will enable you to discover more information than a cursory manual examination. Specific tests to be conducted include:

1. Testing for Reflected Cross site scripting (OTG-INPVAL-001)

- What is the importance of testing for this vulnerability?

- How many occurrences of the vulnerability did an automated scan discover?

- What is your recommendation to address any issues?

- Can you place a simple JavaScript alert (e.g., in DeleteSession.php)?

2. Testing for Stored Cross site scripting (OTG-INPVAL-002)

- What is the importance of testing for this vulnerability?

- What happens when you attempt to add a pop-up window (e.g., <script>alert(document.cookie)</script>) to the email input field on the "index.html" page?

- Can you introduce Stored Cross site scripting?

3. Testing for SQL Injection (OTG-INPVAL-005)

- Did your manual and automated testing discover any SQL Injection vulnerabilities? If so, how many? (Note: there should be at least one occurrence.)

- Name two or more steps you can take according to the reading to resolve the issue.

- Fix and test at least one occurrence of the vulnerability, displaying your resulting source code and output results.
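As an added example for items 2 and 3 (it is not part of the assignment or of the SDEV tutoring application), this shows the shape of the fix the assignment asks you to demonstrate: a string-built query of the kind the scan should flag, next to a validated, parameterized lookup, plus output encoding so the item 2 payload is rendered as inert text. The `students` table, its columns and the sample rows are constructed assumptions, not the VM's real schema.

```python
import html
import re
import sqlite3

# Constructed in-memory stand-in for the tutoring app's database (assumed schema).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO students (name, email) VALUES (?, ?)",
                   [("Alice", "alice@example.edu"), ("Bob", "bob@example.edu")])
    return db

def lookup_vulnerable(db, email):
    # The pattern to look for when reviewing the app: user input concatenated
    # straight into the SQL text, so a quote in the input changes the query.
    sql = "SELECT name FROM students WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(sql)]

EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
MAX_LEN = 254  # longest address the form should accept (item 7: over-long input)

def validate_email(email):
    # Allow-list validation: only a plausible address of bounded length passes.
    return len(email) <= MAX_LEN and EMAIL_RE.match(email) is not None

def lookup_fixed(db, email):
    # Fixed lookup: validate first, then bind the value as a query parameter so
    # the database never interprets the input as SQL, whatever it contains.
    if not validate_email(email):
        return []
    rows = db.execute("SELECT name FROM students WHERE email = ?", (email,))
    return [row[0] for row in rows]

def render_result(email, names):
    # Output encoding for the results page: the item 2 payload
    # <script>alert(document.cookie)</script> becomes &lt;script&gt;... text.
    items = "".join("<li>%s</li>" % html.escape(n) for n in names)
    return "<p>Results for %s</p><ul>%s</ul>" % (html.escape(email, quote=True), items)
```

Run both lookups with the same input, e.g. `' OR '1'='1`, and compare the row counts; that pair of outputs is the "before" and "after" evidence the report asks for.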

4. Testing for Code Injection (OTG-INPVAL-012)

- What is the importance of testing for this vulnerability?

- What are at least two measures you can take to remediate this issue?

- Can you input some simple HTML code or exploit Remote File Inclusion (RFI)?

5. Test business logic data validation (OTG-BUSLOGIC-001)

- What are at least two examples of business logic errors? This could be from various input forms or areas you discovered in previous HW assignments.

- How can you mitigate against such errors?

6. Test integrity checks (OTG-BUSLOGIC-003)

- Do drop-down menus exist, and are they sufficient for the application? Why does the use of drop-down menus help mitigate this risk?

- Does your manual or automated scan reveal the use of password "AUTOCOMPLETE"? What issue, if any, does the use of AUTOCOMPLETE pose?

7. Test defenses against application misuse (OTG-BUSLOGIC-007)

- What is the importance of testing for this vulnerability?

- Can adding additional characters in input fields cause unexpected results? Verify for at least two instances.

General Guidelines

You should document the results of the tests, your comments, and your recommendations for improved security for each security control tested in a Word or PDF document. The format of your document should be the one recommended in chapter 5 of the OWASP Testing Guide. Provide screen captures and descriptions of the tests conducted. Discuss any issues found and possible mitigations.




All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd