编程代写｜SD6503 Testing and Secure Coding Assignment Two
- There are THREE tasks in this Assignment.
- Submit your Assignment document file in Microsoft Word named “YourName_YourStudentID” through the Moodle submission system on or before the due date.
Extensions of time will only be granted for students who have an acceptable documented reason for not completing the assessment by the specified due date.
This assignment is worth 30% of the total module.
The assignment will be marked out of 100.
See details of terms in the Bachelor of Information Technology handbook 2022.
Copying the work of others, or using other people’s ideas as your own without acknowledging the source is called plagiarism. Lecturers will not accept such work and you may be penalised by losing marks or failing an assessment.
All individual assignments and tests must be entirely your own work. Discussion and assistance between students who are working in groups is ok, but all work handed in must be your own work and written in your own words, except for assignments based on group achievement. To reinforce this, you are required to sign the declaration on the cover sheet of each assignment. Further information is in the Guidelines for Written Assignments handbook and the Faculty of Business and Information Technology Student Handbook.
Task One: Web Application Security Risks (30 Marks)
Download and study the report on “The Ten Most Critical Web Application Security Risks”, OWASP (Open Web Application Security Project) Top 10, 2017 .This is available from this link on moodle:
Choose ONE of the security risks that you believe is most likely to occur in your development or is the most important issue. Write a short report (Provide word count or number of pages) in your own words (copy nad paste will get 0 mark, except code example) for the risk you selected. In the summary, you need to
- Explain why you chose it
- What impact it can have on your applciation
- Whether your application is vulnerable to this risk
- How to prevent the risk
- provide two examples of attack scenarios.
Task TWO: Dangerous Software Errors (40 Marks)
Study “Top 25 Most Dangerous Software Errors” through link on Moodle ( https://cwe.mitre.org/top25/ ). Choose TWO of the dangerous errors that you believe is most likely to occure in your development or is the most important issue.
Write a short report report (Provide word count or number of pages) in your own words (with APA reference and citations, copy and paste will get 0 mark, except code example) for the TWO dangerous errors you concern. It should include:
- Technical details
- code examples;
- detection method
Task Three: Summary to above tasks (30 Marks)
It is expected the following questions to be answered as a summary to the above two tasks.
- What were the vulnerabilities exposed in the above two tasks?
- How were the vulnerabilities exploited?
- Can this exploit be detected? If so, how?
- What are the defences that can be used for these types of vulnerability? Include one to three paragraphs on secure coding issues in your answer.
- If you were submitting a security policy for consideration, what policy would you propose to cover the security risk exposed in the above two tasks?