Explain what is importance of testing for the vulnerability

Assignment Help Computer Engineering
Reference no: EM131765181

Assignment: Input Validation and Business Logic Security Controls

Overview:

This homework will demonstrate your knowledge of testing security controls for input validation and business logic. You will also use the reporting format recommended by the OWASP Testing Guide to report your test findings.

Task

Using the readings as a baseline, analyze, test and document the results for the tutoring web application found on the SDEV virtual machine. Use both manual means and automated tools (e.g., ZAP); the latter will enable you to discover more than a cursory manual examination would. The specific tests to be conducted are:

1. Testing for Reflected Cross-Site Scripting (OTG-INPVAL-001)

- What is the importance of testing for this vulnerability?

- How many occurrences of the vulnerability did an automated scan discover?

- What is your recommendation to address any issues?

- Can you place a simple JavaScript alert (for example, via DeleteSession.php)?

2. Testing for Stored Cross-Site Scripting (OTG-INPVAL-002)

- What is the importance of testing for this vulnerability?

- What happens when you attempt to add a pop-up window (e.g., <script>alert(document.cookie)</script>) to the email input field on the "index.html" page?

- Can you introduce stored cross-site scripting?

3. Testing for SQL Injection (OTG-INPVAL-005)

- Did your manual and automated testing discover any SQL injection vulnerabilities? If so, how many? (Note: there should be at least one occurrence.)

- Name two or more steps you can take according to the reading to resolve the issue.

- Fix and test at least one occurrence of the vulnerability, showing your resulting source code and output.

4. Testing for Code Injection (OTG-INPVAL-012)

- What is the importance of testing for this vulnerability?

- What are at least two measures you can take to remediate this issue?

- Can you input some simple HTML code or exploit Remote File Inclusion (RFI)?

5. Test business logic data validation (OTG-BUSLOGIC-001)

- What are at least two examples of business logic errors? These could come from the various input forms or areas you discovered in previous homework assignments.

- How can you mitigate against such errors?

6. Test integrity checks (OTG-BUSLOGIC-003)

- Do drop-down menus exist, and are they sufficient for the application? Why does the use of drop-down menus help mitigate this risk?

- Does your manual or automated scan reveal the use of AUTOCOMPLETE on password fields? What issue, if any, does the use of AUTOCOMPLETE pose?

7. Test defenses against application misuse (OTG-BUSLOGIC-007)

- What is the importance of testing for this vulnerability?

- Can adding extra characters to input fields cause unexpected results? Verify this for at least two instances.
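The fix-and-test deliverable in item 3, and the output-encoding answer to item 2, look like the following. This is an added example, not code from the tutoring application on the SDEV virtual machine: the `users` table, its rows and the probe input are constructed here because the page does not give the application's schema.

```python
import html
import re
import sqlite3

# Constructed stand-in for the application's user table (assumption: the real schema is unknown).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice@example.com", "Alice"), ("bob@example.com", "Bob")])
    return conn

def find_user_vulnerable(conn, email):
    # The 'before' form: user input is concatenated straight into the SQL text,
    # so a quote in the input changes the query's structure.
    sql = "SELECT name FROM users WHERE email = '" + email + "'"
    return [row[0] for row in conn.execute(sql)]

# Allowlist pattern for the email field (first remediation step: input validation).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def is_valid_email(email):
    return EMAIL_RE.fullmatch(email) is not None

def find_user_fixed(conn, email):
    # Second remediation step: a parameterised query. The value travels to the
    # driver separately from the SQL text, so it can never be parsed as SQL.
    if not is_valid_email(email):
        raise ValueError("invalid email")
    return [row[0] for row in conn.execute("SELECT name FROM users WHERE email = ?", (email,))]

def render_name(name):
    # Output encoding for the stored-XSS item: escape before echoing into HTML.
    return "<td>" + html.escape(name, quote=True) + "</td>"

def demo():
    """Run the same constructed probe through both versions and report the outcome."""
    conn = make_db()
    probe = "x' OR '1'='1"  # constructed test input used only to verify the fix
    before = find_user_vulnerable(conn, probe)   # returns every row: the query was altered
    try:
        find_user_fixed(conn, probe)
        after = "accepted"
    except ValueError:
        after = "rejected"                       # validation stops it before the query runs
    return before, after

if __name__ == "__main__":
    print(demo())
```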

General Guidelines

You should document the results of the tests, your comments, and your recommendations for improved security for each security control tested in a Word or PDF document. The format of your document should be the one recommended in Chapter 5 of the OWASP Testing Guide. Provide screen captures and descriptions of the tests conducted. Discuss any issues found and possible mitigations.
