Summary with references listed.

Mallikarjuna

Assignment 1:

Write an ORIGINAL brief essay of 300 words or more describing the history and background of OWASP. Briefly describe the vulnerabilities.

Assignment 2:

Write an overview for Common Weakness Enumeration and their scoring system. Pick one of the common weaknesses identified and describe it.

Assignment 3:

Topic:

Then pick three passwords: one not secure, one acceptable, and one very secure. Then write a brief description of the passwords you have chosen, indicating why they are secure or not secure.

Assignment 4:

An IT Security consultant has made three primary recommendations regarding passwords:

1. Prohibit guessable passwords
   - such as common names, real words, numbers only
   - require special characters and a mix of caps, lower case and numbers in passwords

2. Reauthenticate before changing passwords
   - user must enter old pw before creating new one

3. Make authenticators unforgeable
   - do not allow email or user ID as password

Using WORD, write a brief paper of 200-300 words explaining each of these security recommendations. Do you agree or disagree with these recommendations? Would you change, add or delete any of these?

Add additional criteria as you see necessary.

Assignment 5:

Do a bit of research on JSON and AJAX.

How do they relate to the Same-Origin policy?

Assignment 6:

Use the Web to search for methods to prevent XSS attacks.

Write a brief description of more than one method.

Use your own words and supply references.

Assignment 7:

Topic:

The Dangers of Detailed Errors

Validating Input

Single Account Security

SQL Injection in Stored Procedures

Insecure Direct Object References

You are the web master of a college website. You share a server with other school departments such as accounting and HR.

Based on this chapter, create at least five security-related rules for staff members who are adding web pages to your site.

Include a justification and explanation for each rule. Rules should relate to college, staff and student, and system information security.

Assignment 8:

Do a bit of research into File Inclusion Vulnerability.

What is it?

Why is it dangerous?

What is the difference between local and remote inclusion?

What methods can be employed to prevent a security breach?

What programming languages are vulnerable to this type of attack?

Assignment 9:

Topic:

Threat Modeling

Threat Assessment

You are the web master for the Republican Party National Committee. Prepare a risk assessment analysis for your website. Some questions to consider:

Who is likely to attack your site?

When are attacks likely to occur?

What sort of attacks might take place?

How can you best minimize attacks and protect the integrity of your site?

Assignment 10:

Do a bit of research on penetration testing techniques. Investigate and document the following:

Five network penetration testing techniques

Advantages and disadvantages of each

One notable social engineering test

Possible negative implications of penetration testing.

Assignment 11:

Do some research on Threat Response software. Find one particular software package to investigate.

What does the software do?

What are its major features?

What kind of training is required?

How much does the software cost?

Assignment 12:

Research the Dark Web.

Write a brief paper on the following topics: What is the Dark Web? How is it accessed? How is it used by criminals? How can it be used in a positive way?

How can it be used by law enforcement and the intelligence services? How can it be used by private individuals?

Assignment 13:

Need 500-600 words on Authentication and Authorization.

PowerPoint presentation of up to 15 slides on Authentication and Authorization.

Need at least 300 words for all assignments except Assignment 13.