27 Aug Software Vulnerability Research
Assignment on Software Vulnerability
Software vulnerabilities, especially vulnerabilities in code, are a major security problem today. Not all bugs or flaws in software become security vulnerabilities, but some of them do. An attacker can exploit these vulnerabilities to cause major disruption to a business. An exploit can result in a variety of damage, including crashing a system, assuming the role of a superuser, deleting information in a file or an entire file, changing critical content in a database or a file, stealing valuable proprietary information, planting malware, or turning a system into a bot to launch attacks on other systems.
1. Please pick two to report on:
Common software code vulnerabilities include:
Buffer overflow
Logic error or logic bombs
Race conditions
Format string vulnerability
Cross-site scripting
Cross-site request forgery
SQL and other command injection
Memory leak
Incomplete mediation
Integer overflow, underflow, and sign conversion errors
Insufficient data validation
A vulnerability and the attack that exploits it are often called by the same name. For example, the attack that exploits the buffer overflow vulnerability is known as the buffer overflow attack. Similarly, a race-condition attack leverages a race condition vulnerability. Attackers can exploit, and have exploited, more than one vulnerability in the same attack to cause more damage than would be possible with a single vulnerability.
Two organizations focus on improving software security and thus track the various vulnerabilities on a continual basis. They are (1) Common Weakness Enumeration (CWE) by SANS/Mitre (see https://cwe.mitre.org/index.html), and (2) The Open Web Application Security Project (OWASP) (see https://www.owasp.org/index.php/About_OWASP). I am attaching two documents here, CWE Top 25 and OWASP Top 10. Please note that the vulnerabilities or types of vulnerabilities are not the same in these two lists. This is because OWASP focuses only on web applications. The two lists are also not exactly the same as the above bulleted list. They do, however, overlap.
In this exercise, you will investigate two vulnerabilities of your choice from these two lists or any other reputable source. For each of the two vulnerabilities you have chosen, you will explain the vulnerability, including where it occurs (e.g., C language, database, web browser, etc.), and an example attack that exploited it. You will also describe how the vulnerability can be minimized, prevented or mitigated. All of the description should be in your own words. You may use a code excerpt to illustrate the vulnerability or to remove the flaw that is the source of the vulnerability.
Your report should not be more than two pages long (double-spaced) for each vulnerability. You need to consult at least two references for each vulnerability. If you have a good C/C++ programming background, you may want to explore the following site: http://www.cis.syr.edu/~wedu/seed/labs.html (see Software Security and Web Security Labs). There is an in-depth technical description and even a video classroom presentation on many of these vulnerabilities, and on how to exploit them and mitigate them in a lab setting. Feel free to try one or more of these laboratory exercises using the Ubuntu VM you can download from the site, but you are on your own. I would certainly like to hear about your experience if you have actually tried one or more of these lab exercises.
The assignment will be graded using the following rubric:
Description of the Vulnerability: 50%
Mitigation/Prevention Techniques: 30%
Bibliography: 10%
Grammar/English: 10%
The entire assignment is worth 10% of your final grade.
Attachments:
OWASP Top 10 – 2013.pdf
2011_cwe_sans_top25.pdf