CourseworkBrief.docx

School of Computing, Engineering and Mathematics

Brief Form

Module Title: Security and Dependability

Module Code: CI510

Author(s)/Marker(s) of Assignment: Michalis Pavlidis

Project No: 1

Project Title: Security Analysis Report (1,000 words)

Percentage contribution to module mark: 30%

Weighting of component assessments within this assignment: n/a

Module Learning Outcome/s Covered: (Refer to module syllabus)

On successful completion of the module the student will be able to:

LO3 Understand and apply approaches to detecting software vulnerabilities.

Assignment Brief and Assessment Criteria:

Introduction

This coursework is an individual task. It allows you to extend your knowledge and understanding of a particular topic presented during the taught component of the module. The coursework counts for 30% of the overall marks for CI510.

Vulnerability scanning is a broad term used to describe the automated process of detecting defects in an organisation's security programme. Websites are a critical part of almost every business or organisation in the world. Unfortunately, websites are also one of the least secure gateways through which an attacker can exploit your organisation. Before attacking any website, a hacker or penetration tester will first compile a list of target surfaces. After reconnaissance has identified the right places to focus on, they will use a web server scanning tool, such as Nikto, to hunt for vulnerabilities that could serve as attack vectors. It is therefore important to understand website and web application security in order to protect your organisation.

Nikto is a simple, open-source web server scanner ( https://cirt.net/Nikto2 ) that examines a website and reports back the vulnerabilities it found which could be used to exploit or hack the site. It is also one of the most widely used website vulnerability scanning tools in the industry and, in many circles, is considered the industry standard.

OWASP ZAP is a free, open-source penetration testing tool maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications ( https://www.zaproxy.org/ ).

Your task

The aim of this assignment is to carry out vulnerability scanning using the Nikto and OWASP ZAP web scanners. As a security analyst, you need to write a security analysis report on 10 vulnerabilities of the bWAPP web application. bWAPP (buggy web application) is a free and open-source deliberately insecure web application. It helps security enthusiasts, developers, and students to discover and prevent web vulnerabilities ( http://www.itsecgames.com ). The bWAPP web application is hosted on an Apache web server and can be accessed at http://127.0.0.1/bWAPP/bWAPP . You can download the Kali Linux virtual machine that contains the web application at http://pavlidis.name/KaliLinux20213.ova

The login details for the Kali Linux VM are the following:

Username: michalis

Password: rootroot

Deliverables

On or before the deadline you must each submit a single MS Word document through the Turnitin system on Student Central. The document must contain the following elements:

· The security analysis report.

Date of issue: 30 October 2021

Deadline for submission: 15 January

Method of submission: e-submission via TurnItIn on Studentcentral

The report must contain an introduction and a main part. The introduction needs to include the steps that you followed to discover the vulnerabilities, and the main part needs to include the identified vulnerabilities. For each vulnerability you also need to include a description of the vulnerability, the related CWE, the impact, and the likelihood of the vulnerability being exploited. You need to remove any duplicate vulnerabilities. The length of the report must not exceed 1,000 words.

It is your responsibility to produce a clear and easily understood document. To do this:

· Check the spelling and grammar in your document.

· Use clear, short, and precise language.

· Number the pages.

· Create a table of contents for your document.

· For every figure in your document use a number and a title.

· Write references/citations in a standard format.

· Explain terms, acronyms, and abbreviations.

· Review the document and check for inconsistencies, omissions, and redundancies.

Copying and collusion are considered to be academic misconduct and will result in a fail on this assignment.

Assessment criteria

Please see the attached sheet and the assessment criteria in the Course Handbook.

Date feedback will be provided: 18 February 2021 via the GradeCentre

1. A copy of your coursework submission may be made as part of the University of Brighton's and the School of Computing, Engineering & Mathematics' procedures, which aim to monitor and improve the quality of teaching. You should refer to your student handbook for details.

2. All work submitted must be your own (or your team’s for an assignment which has been specified as a group submission) and all sources which do not fall into that category must be correctly attributed. The markers may submit the whole set of submissions to the JISC Plagiarism Detection Service.

Assessment Criteria

Grade: General criteria

A+ (80-100%), High Distinction: An outstanding response to the task. The work demonstrates most or all of the following characteristics beyond that expected for work at the given level of study within the discipline.

A (70-79%), Distinction: An excellent response to the task. The work demonstrates most or all of the following characteristics in relation to those expected at the given level of study within the discipline.

B (60-69%), Merit: A good to very good response to the task. The work demonstrates most or all of the following characteristics in relation to those expected at the given level of study within the discipline.

C (50-59%), Pass: A sound, competent response to the task. The work demonstrates most or all of the following characteristics in relation to those expected at the given level of study within the discipline.

D (40-49%), Pass: An adequate but weak response to the task. The work demonstrates most or all of the following characteristics in relation to those expected at the given level of study within the discipline.

E (<40%): An unsatisfactory response to the task. The work may display some strengths, but these are outweighed by several weak features in relation to those expected at the given level of study within the discipline.