Date: 2023-12-03 07:58

SECU73000 - Assignment 4

Check eConestoga for due date.

Introduction

In class we have experimented with different tools and techniques to assist us in source code assessment. In this assignment, we will perform a source code review on some unknown code. You are welcome to use any and all of the tools and techniques we used in class, as well as any other tools you may enjoy.

Once you have identified a vulnerability, you will offer an opinion on how bad it is and how one might best remediate it.

Specification

1. Download the source code from eConestoga.

2. Unzip the archive.

3. Double-click the .sln file to open the project in Visual Studio.

4. Now that you know the solution is readable, proceed to review and identify the issues.

Deliverable

Using all the tools at your disposal, review this code base and identify as many security issues as you can. For each issue you identify, be sure to both explain why the finding is an issue and how an attacker might leverage the issue. Follow that short discussion with some overview thoughts on how you would suggest the developer fix the issue.

Please note that we are slightly more interested in the weakness itself, rather than the fix, so when discussing a finding, spend 60% of your time/effort on the vulnerability and 40% on potential mitigation strategies.

You will submit a written report (MSWord or PDF only) containing screenshots, filename and line number pairs, and the three discussion points noted above (finding explanation, likely exploit scenarios and mitigation strategies).

Marking Rubric

I will be looking for the following:

• Number and validity of findings

• Accuracy and completeness of finding explanation

• Reasonableness of exploit scenario

• Appropriateness of mitigation strategies.

Standard Deductions

• 5% for not having name and assignment # in your Word/PDF document

• 10% for submitting a “zip”ed (compressed) document

• Regular late submission penalty (see Program Handbook)

• Penalties applied as per the Student Handbook for any plagiarism and/or academic dishonesty.
