I need this done by on computer security

profilehelpme2018
example_5.pdf
Home>Computer Science homework help>I need this done by on computer security

1

Homework 5

Demonstrating Porous Defenses Final

Overview

In this homework you use Netbeans to create two different unique and complete demonstrations of

Porous Defenses such as Use of a Broken or Risky Cryptographic Algorithm, Improper Restriction of

Excessive Authentication Attempts, and Use of a One-Way Hash without a Salt. You will demonstrate

and describe how to fix each of the problems. Therefore a total of four code samples will be created.

Two with Porous Defenses and two will have the issues fixed.

Assignment Details

Be sure you have carefully read and understand the materials in weeks 7 and 8.

1. Select 2 CWE/SANS Top 25 vulnerabilities under the category of Porous Defenses from one of

these specific issues:

a. Use of a Broken or Risky Cryptographic Algorithm,

b. Improper Restriction of Excessive Authentication Attempts, and

c. Use of a One-Way Hash without a Salt

Review and try the existing examples in links in the classroom. Use Netbeans to experiment. Work

in multiple languages where possible.

2. Using Netbeans, create your own unique, full example for each of the 2 vulnerabilities in this

category. Note: by unique and full I mean, this should not just be a code snippet. It should be

part of a small application. In other words, you need to adapt the examples provided in the

documentation to something more meaningful and substantive. It doesn’t have to be a large,

overly complex application, but it needs to be complete, and runnable and demonstrate how

this vulnerability may appear in the real world.

3. Demonstrate for each of the two applications they are vulnerable to this attack. You need to

show explicitly the attack you use and demonstrate the impact of the vulnerability. The

demonstration should occur through screen shots and detailed walkthrough of the steps you

performed.

4. Finally, using the information in the CWE/SANS Top 25 vulnerabilities, fix the issues in each of

the two examples you created in step 2.

5. Document the vulnerabilities and describe specifically how the issues were corrected. Note: You

may need to conduct additional research to better understand the vulnerability or the features

associated with a specific language.

Deliverables

Provide all of your source files for this assignment. Two source code files will have software

vulnerabilities. The remaining two will have the issues fixed. Provide any supplemental or utility

files supporting your main source files.

2

Prepare a word or PDF file describing and demonstrating the vulnerabilities in each of your source

files and specifically how you fixed the issue. You should demonstrate with screen shots and code

within the document to report your findings. Note: Be sure to provide all screen shots in one word

of PDF document. You can compress the files using a zip application for easier upload.

Grading Rubric:

Attribute Meets Does not meet

Vulnerabilities 50 points Selects 2 CWE/SANS Top 25 vulnerabilities under the category of Porous Defenses. (10 points) Creates unique, full example for each of the 2 vulnerabilities in this category. (20 points) Demonstrates for each application, they are vulnerable to an attack. (20 points)

0 points Does not select 2 CWE/SANS Top 25 vulnerabilities under the category of Porous Defenses. Does not create unique, full example for each of the 2 vulnerabilities in this category. Does not demonstrate for each application, they are vulnerable to an attack.

Mitigation 25 points Fixes the issues in each of the two examples you created. (25 points)

0 points Does not fix the issues in each of the two examples you created.

Documentation and submissions

25 points Provides all source files (those with vulnerabilities, those fixed and any supplemental files needed to run the application. (5 points) Within a word or PDF file, documents vulnerabilities and describe specifically how the issues were corrected. (10 points) Demonstrates with properly labeled screen captures and code within the document to report your findings. (10 points)

0 points Does not provide all source files (those with vulnerabilities, those fixed and any supplemental files needed to run the application. Within a word or PDF file, does not document vulnerabilities and describe specifically how the issues were corrected. Does not demonstrate with properly labeled screen captures and code within the document to report your findings.