Tedext

Web penetration skills for secure coding - Web project

1.         Objectives

The goal of this assignment is for you to apply your code analyzing and web penetration skills for secure coding on web project. A web project with source codes is provided for you to analyze. You can deploy and test the web application and review the source codes and find out the security vulnerabilities of the program. In the report, identify the web pages and the codes which constitute a security vulnerability. Show screenshots and illustrate how the page can be exploited. Suggest fixes for the flaws, providing code snippets as necessary in the report.

You are to submit a report indicating how the flaw can be exploited, where the flaw is found (web page name and codes) and suggestion of how it can be resolved.

2.         Report (100 marks)

For groups of 2, choose 5 categories from the below and analyse 2 vulnerabilities (1 detailed, 1 brief) per category.

https://www.owasp.org/index.php/Top_10-2017_Top_10

1) Injection (SQL Injection)

2) Broken Authentication

3) Sensitive Data Exposure

4) Broken Access Control

5) XSS (1 stored and 1 reflected)

6) Insufficient Logging & Monitoring

7) CSRF

8) Others

When evaluating the security of the website, please address all of the following elements:

         Type of flaw detected

         How it can be exploited specifically (1 example per category only)

         Identify code snippet exposing the vulnerability (if applicable)

         Recommendation

         Code snippet to solve the vulnerability

         Tools and methods you employed to test the web system.

Your grade for this assignment will be based on the thoroughness of your discussion of ALL of the elements above.

A sample penetration testing report format can be found at: http://www.cstl.com/CST/Penetration-Test/CST-Web-Application-Testing-Report.pdf

Section 4 on detailed findings is an example of how your report might focus on and should cover.

- End -

Web penetration skills for secure coding - Web project

  • Order

  • Payment

  • Processing

  • Delivery

Validation error occured. Please enter the fields and submit it again.
Thank You ! Your email has been delivered.