模块学习代写|6005-CEM CW1 Security Audit

这是一篇来自英国的关于模块学习作业代写

 

Task and Mark Distribution

In this coursework you are required to perform a security audit of a computer system and write a report on the results of the audit.

You will have access to a copy of the system, and the source code, you can find details on the learning platform.

Machine / Source Code Release

The VM and source code will be released in week 6 of the module.

The Audit

You will need to perform an audit to find potential flaws in the system. You are free to choose appropriate method(s) for the audit process.

This can include (and is not limited to):

Code Review

Use of Automated tools

Fuzzing

Automated Code Review

While you are free to use any appropriate method for the audit. You will be expected to justify the decision. Why are the approaches chosen appropriate for the audit process, what are the benefits and drawbacks of the audit methods chosen.

The Report.

You are expected to write a report suitable for a technical audience.

The report should describe the process used to Audit the system, and discuss any security issues found.

It is expected that the report will contain.

A description of the Audit method(s) used.

Methods used, and Justification.

Brief Description of any issues found, and an assessment of their seriousness

Overview and description of ALL vulnerabilities found in the system.

Use an appropriate risk rating system for the issues found to categorise them, an show severity.

Detailed description of ONE issue.

What is the problem

How Severe is the problem

Any Suggestions for mitigation.

It is expected you make use of the supporting literature, and relevant citations, to support your findings.

Report Structure

A suggested structure for the report would be:

Introduction

Audit Method(s)

Description and justification for the Audit methods chosen.

Audit Results

Summary of results from code audit.

Summary of security vulnerabilities discovered.

Discussion of chosen vulnerability

Detailed description of a single vulnerably

Conclusions

Submission Instructions

Please submit your final report in PDF, or WORD format, via the submission link.

Marking Matrix

The Table below gives the minimums required to meet a grade boundary.

Introduction and Conclusions

Should contextualise the report, providing background to the topic, discussing the content of the report in the context of security and

highlighting the key findings.

Grade

Mark

Comments

Fail

< 40

Component Missing or Incomplete

Pass

40-

50

Introduction summarises coursework brief, with little context provided

Good Pass

50-

70

Introduction presents scope for the report, context for the report, and highlights key findings

Outstanding

> 70

Comprehensive introduction that sets out aims of report, and how it fits in the wider context. Key topics for the

report discussed

Grade

Mark

Comments

Fail

< 40

Component missing or Incomplete

Pass

40-

50

Conclusions gives brief summary of report contents

Good Pass

50-

70

Conclusions brings together key findings of report

Outstanding

> 70

Comprehensive summary of report content, key findings from report summarised, discussion of finding in the

winder security context

Audit Methods

This section should describe the audit methods you have chosen to use, and justify your choices.

Grade

Mark

Comments

Fail

0-30

Component Missing or Incomplete

Pass

40-

50

Brief description of audit method chosen

Good Pass

50-

70

Discussion of one or more audit methods chosen, and why they are appropriate for the audit

Outstanding

70+

Comprehensive discussion of multiple audit methods, and justification for use. Appropriate tools are identified.

Comparison of strengths and weaknesses of audit methods.Audit Results

Describe the results of the code audit, and discuss any problems found

Important: In this section the number of issues found is less important than the discussion. There is no “target” number of issues to find.

Grade

Mark

Comments

Fail

0-30

Component Missing or Incomplete

Pass

40-

50

Brief overview of issues found

Good Pass

50-

70

Description of issues found with discussion of risk, appropriate risk rating used. Summary for all issues found presented

Outstanding

70+

Comprehensive discussion of issues found, along with appropriate risk rating. Suggestions for mitigation provided, suggestions of priority for fix given

Discussion of Issue

Select one of the issues found. Give a detailed discussion of the issue and its potential impact on the application.

Grade

Mark

Comments

Fail

0-30

Component Missing or Incomplete

Pass

40-

50

Brief Discussion of chosen vulnerability, builds slightly on course notes.

Good Pass

50-

70

Chosen vulnerability and its impact discussed. Demonstration of flaw in the application given.

Outstanding

70+

Comprehensive discussion chosen vulnerability, how it occurs and its impact. Discussion supported with relevant example from the wider literature.

Report Structure

Grade

Mark

Comments

Fail

0-30

Component Missing or Incomplete

Pass

40-

50

Use of appropriate referencing

Good Pass

50-

70

Well structured report, with appropriate referencing

Outstanding

70+

Outstanding report, Well structured with use of section headings to match elements to the requirements, appropriate diagrams and tables, and referencing.Notes:

  1. 1. You are expected to use the Coventry University APA style for referencing For support and advice on this students can contact Centre for Academic Writing (CAW).
  1. Please notify your registry course support team and module leader for disability support.
  2. Any student requiring an extension or deferral should follow the university process as outlined here.
  3. The University cannot take responsibility for any coursework lost or corrupted on disks, laptops or personal computer. Students should therefore regularly back-up any work and are advised to save it on the University system.
  1. If there are technical or performance issues that prevent students submitting coursework through the online coursework submission system on the day of a coursework deadline, an appropriate extension to the coursework submission deadline will be agreed. This extension will normally be 24 hours or the next working day if the deadline falls on a Friday or over the weekend period. This will be communicated via your Module Leader.
  1. You are encouraged to check the origianlty of your work by using the draft Turnitin links on Aula
  2. Collusion between students (where sections of your work are similar to the work submitted by other students in this or previous module cohorts) is taken extremely seriously and will be reported to the academic conduct panel. This applies to both courseworks and exam answers.
  1. A marked difference between your writing style, knowledge and skill level demonstrated in class discussion, any test conditions and that demonstrated in a coursework assignment may result in you having to undertake a Viva Voce in order to prove the coursework assignment is entirely your own work.
  1. If you make use of the services of a proof reader in your work you must keep your original version and make it available as a demonstration of your written efforts. Also, please read the univeristy Proof reading policy
  1. You must not submit work for assessment that you have already submitted (partially or in full), either for your current course or for another qualification of this university, unless this is specifically provided for in your assignment brief or specific course or module information. Where earlier work by you is citable, ie. it has already been published/submitted, you must reference it clearly. Identical pieces of work submitted concurrently will also be considered to be self-plagiarism.