Software vulnerability exercise
Assignment on Software Vulnerability Software vulnerabilities, especially vulnerabilities in code, are a major security problem today. Not all bug or flaws in software become security vulnerabilities, but some of them do. An attacker can exploit these vulnerabilities to cause major disruption to a business. An exploit can result in a variety of damages including crash of a system, taking the role of a super user, deleting of information in a file or an entire file, changing critical content in a database or a file, stealing valuable proprietary information, planting of malware, turning a system into a bot so to launch attacks on other systems. Common software code vulnerabilities include: • • • • • • • • • • • Buffer overflow Logic error or logic bombs Race conditions Format string vulnerability Cross-site scripting Cross-site request forgery SQL and other command injection Memory leak Incomplete mediation Integer overflow, underflow, and sign conversion errors Insufficient data validation The name of vulnerability and the name of an attack that exploits it are often called by the same name. For example, the attack that exploits the buffer overflow vulnerability is known as the buffer overflow attack. Similarly, a race-condition attack leverages a race condition vulnerability. An attacker can and have exploited more than one vulnerability in the same attack to cause more damage than would be possible with a single vulnerability. Two organizations focus on improving software security and thus track the various vulnerabilities on a continual basis. They are (1) Common Weakness Enumeration (CWE) by SANS/Mitre https://cwe.mitre.org/index.html), and (2) The Open Web Application Security Project (OWASP) (see https://www.owasp.org/index.php/About_OWASP ). I am attaching two documents here, CWE Top 25 and OWASP Top 10. Please note the vulnerabilities or the type of vulnerabilities are not the same in these two lists. This is because, OWASP’s focuses only on web applications. Also, the two lists are also not exactly the same as the above bulleted list. They do, however, overlap. In this exercise, you will investigate two vulnerabilities of your choice from these two lists or any other reputable source. For each of the two vulnerabilities you have chosen, you will explain the vulnerability including where it occurs (e.g., C language, database, web browser, etc.), and an example attack that exploited it. You will also describe how the vulnerability can be minimized, prevented or mitigated. All the description should be in your own words. You may use code excerpt to illustrate the vulnerability or remove the flaw that is the source of the vulnerability. Your report should not be more than two pages long (double-spaced) for each vulnerability. You need to consult at least two references for each vulnerability. If you have a good C/C++ programming background, you may want to explore the following site: http://www.cis.syr.edu/~wedu/seed/labs.html (See Software Security and Web Security Labs.) There is an in-depth technical description and even a video class room presentation on many of these vulnerabilities, and how to exploit them and mitigate them in a lab setting. Feel free to try the one or more of these laboratory exercises using the Ubuntu VM you can download from the site, but you are on your own. I would certainly like to hear about your experience if you have actually tried one or more of these lab exercises. The assignment will be graded using the following rubric: • • • • Description of the Vulnerability: 50% Mitigation/Prevention Techniques: 30% Bibliography: 10% Grammar/English: 10% The entire assignment is worth 10% of your final grade. OWASP Top 10 – 2013.pdf 2011_cwe_sans_top25.pdf
Collepals.com Plagiarism Free Papers
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.