Overview: This homework will demonstrate your knowledge of testing security controls aligned with input validation and business logic. You will also use the recommended OWASP Testing Guide reporting format to report your test findings.

Assignment: Total 100 points

Using the readings from weeks 7 and 8 as a baseline, analyze, test and document the results for the tutoring web application found on the SDEV virtual machine. Use both manual means and automated tools (e.g., ZAP). The latter will enable you to discover more information than a cursory manual examination. Specific tests to be conducted include:

1. Testing for Reflected Cross-site Scripting (OTG-INPVAL-001)
What is the importance of testing for this vulnerability? How many occurrences of the vulnerability did an automated scan discover? What is your recommendation to address any issues? Can you place a simple JavaScript alert (e.g., using DeleteSession.php as an example)?

2. Testing for Stored Cross-site Scripting (OTG-INPVAL-002)
What is the importance of testing for this vulnerability? What happens when you attempt to add a pop-up window (e.g., ) to the email input field within the “index.html” file? Can you introduce Stored Cross-site Scripting?

3. Testing for SQL Injection (OTG-INPVAL-005)
Did your manual and automated testing discover any SQL Injection vulnerabilities? If so, how many? (Note: there should be at least one occurrence.) Name two or more steps you can take, according to the reading, to resolve the issue. Fix and test at least one occurrence of the vulnerability, displaying your resulting source code and output results.

4. Testing for Code Injection (OTG-INPVAL-012)
What is the importance of testing for this vulnerability? What are at least two measures you can take to remediate this issue? Can you input some simple HTML code or exploit Remote File Inclusion (RFI)?

5. Test business logic data validation (OTG-BUSLOGIC-001)
What are at least two examples of business logic errors? These could come from various input forms or areas you discovered in previous homework assignments. How can you mitigate such errors?

6. Test integrity checks (OTG-BUSLOGIC-003)
Do drop-down menus exist, and are they sufficient for the application? Why does the use of drop-down menus help mitigate this risk? Does your manual or automated scan reveal the use of password AUTOCOMPLETE? What issue, if any, does the use of AUTOCOMPLETE pose?

7. Test defenses against application misuse (OTG-BUSLOGIC-007)
What is the importance of testing for this vulnerability? Can adding additional characters in input fields cause unexpected results? Verify this for at least two instances.

General Guidelines

You should document the results for the tests, your comments, and recommendations for improved security for each security control tested in a Word or PDF document. The format of your document should be the format recommended in Chapter 5 of the OWASP Testing Guide. Provide screen captures and descriptions of the tests you conducted. Discuss any issues found and possible mitigations.

Note: The SDEV Virtual Machine is the one you downloaded and used for SDEV 300. The URL is here if you need to download it again: https://citeapps.umuc.edu/SDEV/ The VM runs on the latest version of Oracle VirtualBox. The directions to reinstall the Tutoring Web Application are also included in the course resources, which also include any required passwords.

Deliverables: You should submit your document by the due date. Your document should be well-organized, use the OWASP recommended reporting format, include all references used and contain minimal spelling and grammar errors.

Grading Rubric (Attribute / Meets)

Reflected Cross-site Scripting (10 points)
 - Tests for Reflected Cross-site Scripting (OTG-INPVAL-001) as applied to the sample tutor application. (5 points)
 - Discusses the importance of testing for this vulnerability. (1 point)
 - Discusses and demonstrates whether a user can place a simple JavaScript alert. (4 points)

Stored Cross-site Scripting (10 points)
 - Tests for Stored Cross-site Scripting (OTG-INPVAL-002) as applied to the sample tutor application. (5 points)
 - Discusses the importance of testing for this vulnerability. (2 points)
 - Discusses and demonstrates whether a user can introduce Stored Cross-site Scripting and attempt to add a pop-up window. (3 points)

SQL Injection (20 points)
 - Tests for SQL Injection (OTG-INPVAL-005) as applied to the sample tutor application. (5 points)
 - Names two or more mitigation steps according to the reading or other research. (5 points)
 - Fixes and tests at least one discovered SQL injection, and displays source code changes and resulting test output. (10 points)

Code Injection (10 points)
 - Tests for Code Injection (OTG-INPVAL-012) as applied to the sample tutor application. (5 points)
 - Discusses the importance of testing for this vulnerability. (1 point)
 - Names two or more mitigation steps according to the reading or other research. (1 point)
 - Discusses and demonstrates whether a user can introduce some simple HTML code and exploit Remote File Inclusion (RFI). (3 points)

Business logic data validation (10 points)
 - Tests business logic data validation (OTG-BUSLOGIC-001) as applied to the sample tutor application. (5 points)
 - Discusses and demonstrates two or more logic errors. (5 points)
 - Discusses how to mitigate logic errors. (2 points)

Integrity checks (10 points)
 - Tests integrity checks (OTG-BUSLOGIC-003) as applied to the sample tutor application. (5 points)
 - Discusses and demonstrates whether drop-down menus exist and are sufficient for the application. (3 points)
 - Discusses the use of password AUTOCOMPLETE functionality and its importance. (2 points)

Defenses against application misuse (10 points)
 - Tests defenses against application misuse (OTG-BUSLOGIC-007) as applied to the sample tutor application. (5 points)
 - Discusses the importance of testing for this vulnerability. (1 point)
 - Discusses and demonstrates whether additional characters can be added in at least two instances to cause unexpected results. (4 points)

Documentation and Submission (20 points)
 - Documents the results for the tests, your comments, and recommendations for improved security for each security control tested in a Word or PDF document. (5 points)
 - Uses the format recommended in Chapter 5 of the OWASP Testing Guide. (5 points)
 - Screen captures are clearly labeled, indicating exactly what each screen capture represents. (5 points)
 - Document is well-organized, includes page numbers, includes all references used, and contains minimal spelling and grammatical errors. (5 points)
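As an added illustration of the "fix and test" step for SQL Injection (item 3), not code from the tutoring application or the course: a string-built query (the "before") beside its parameterized replacement plus an allow-list check (two mitigation steps), run against a constructed in-memory SQLite table so the before/after output can be shown in a report. The table name, columns and rows are invented here and do not reflect the tutoring app's schema.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data standing in for a tutoring app user table (not the real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tutors (id INTEGER PRIMARY KEY, username TEXT, subject TEXT)")
    conn.executemany(
        "INSERT INTO tutors (username, subject) VALUES (?, ?)",
        [("alice", "math"), ("bob", "physics"), ("carol", "chemistry")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """'Before' version: user input is concatenated into the SQL text and becomes part of the query."""
    sql = "SELECT username, subject FROM tutors WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, username):
    """'After' version, mitigation 1: the same query with a bound parameter; input stays data."""
    sql = "SELECT username, subject FROM tutors WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def validate_username(username):
    """Mitigation 2: allow-list the input shape before it reaches the database layer."""
    if not re.fullmatch(r"[A-Za-z0-9_]{1,32}", username):
        raise ValueError("username contains characters outside the allowed set")
    return username


def regression_test(conn, test_input):
    """Return (before_rows, after_rows) for one test input so the report can show both outputs."""
    return lookup_vulnerable(conn, test_input), lookup_fixed(conn, test_input)


if __name__ == "__main__":
    db = make_db()
    # A legitimate username and a classic single-quote tautology used only to confirm the fix.
    for probe in ["alice", "x' OR '1'='1"]:
        before, after = regression_test(db, probe)
        print(f"input={probe!r}\n  before fix: {before}\n  after fix:  {after}")
```

The vulnerable lookup returns every row for the tautology input, while the parameterized lookup returns nothing, which is the before/after evidence the rubric asks for.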