Perform security exploits on web applications and websites

Assignment Help Computer Network Security

Reference no: EM131051883 , Length: 8

Advanced Topics in Digital Security

Objectives

- To apply skills and knowledge acquired throughout the trimester in exploiting web application security loopholes and the techniques to fix such loopholes.
- To demonstrate ability to use WebGoat to test security exploits on web applications and servers.
- To gain experience in documenting every application exploit that was tested.

Problem Statement

You are required to perform security exploits on web applications and websites. To complete this assignment, you need to select and choose FOUR of the security topics of web application security lessons specified in the WebGoat J2EE web application package, including topics and tools that we have not covered but you may find interesting. You may choose to use WebGoat and any appropriate tools from the SIT704 CloudDeakin course website to complete this assignment. You can also use other non-commercial (free and open-source) tools (e.g. WebScarab, Wireshark, w3af, metasploit) to help you complete this assignment. You are not allowed to use any commercial security-related or automated hacking products such as IBM Security AppScan for this assignment. To demonstrate your achievement of these goals, you must write a 2,000 word report.

Your report should consist of the following chapters:

1. A proper title which matches the contents of your report.

2. Your name and Deakin student number in the author line.

3. An executive summary which summarizes your findings.

(You may find hints on writing good executive summaries from https://unilearning.uow.edu.au/report/4bi1.html.)

4. An introduction chapter which lists the four vulnerabilities of your choice, the impact of these vulnerabilities, the brief summary of your findings, and the organization of the rest of your report.

5. A literature review chapter which surveys the latest academic papers regarding the four vulnera- bilities of your choice. With respect to each vulnerability, you are advised to identify and include at least two papers published by ACM and IEEE journals or conference proceedings. Your review must not simply be a summary of each paper, but rather a deep analysis of the body of work reported in the set of paper. Your aim in this part of the report is to demonstrate deep and thorough understanding of the existing body of knowledge encompassing multiple vulnerabilities of modern web applications. (Please read through the hints on this web page before writing this chapter https://www.uq.edu.au/student-services/learning/literature-review.)

6. A technical demonstration chapter which consists of fully explained screenshots when your tests were conducted. That is, you should explain the identification of your target web services or web applications, the information about the server(s), each step of the procedure of exploitation, and the results. You must prove that your tests are original.

7. A conclusions chapter which summarizes major findings of the study and indicates future work which should be conducted in the area.

8. A bibliography list of all cited papers and other resources. You must use in-text citations in Harvard style and each citation must correspond to a bibliography entry. There must be no bibliography entries that are not cited in the report. (You should know the contents from this page https://www.deakin.edu.au/students/study-support/referencing/harvard.)

Reference no: EM131051883

Questions Cloud

Pattern of embryological development : How does a pattern of embryological development provide further evidence that organisms have descended from a common ancestor?

Bond between phosphate group and ribose sugar group : 1. The bond between a phosphate group and the ribose sugar group in RNA is called which of the following? 2. Alternative Splicing is the process that does what to the exons and introns?

Look for other multilingual information : Visit four or five public locations in your community such as schools, hospitals, city/county buildings, or airports. See how many signs are posted in different languages (don't forget the restrooms) and look for other multilingual information, su..

Call-e-mail or visit a local business : Call, e-mail, or visit a local business that imports foreign goods (perhaps a wine or specialty foods importer). Ask the owner or manager about the business's participation in global trade, and compile a list of the advantages and disadvantages he..

Perform security exploits on web applications and websites : SIT704 - Advanced Topics in Digital Security - Perform security exploits on web applications and websites and you may choose to use WebGoat and any appropriate tools from the SIT704 CloudDeakin course website to complete this assignment.

What types of contracts and fee compensation associated with : What is the difference between lump sum and cost plus a fee compensation? What is fast track construction, and what types of contracts and fee compensation is it mostly commonly associated with?

What is the solution to the confusion about race : Despite being informative, this article poses a few questions in a reader's mind. What is the solution to the confusion about race? Does it mean that race is only biological and has no relationship to the social ties?

Find out firsthand the global impact : Find out firsthand the global impact on your life. How many different countries' names appear on the labels in your clothes? How many languages do your classmates speak? List the ethnic restaurants in your community. Are they family-owned or corpo..

Display and discuss the publications : Have each class member write to two or three trade associations at the beginning of the term to request their lists of publications, and then have each send for some of the publications.

User Account

All Pages