Categories
Writers Solution

Input Validation and Business Logic Security Controls

Homework 4

Input Validation and Business Logic Security Controls

Overview:

This homework will demonstrate your knowledge of testing security controls aligned with Input

validation and business logic. You will also use the recommended OWASP testing guide reporting format

to report your test findings.

Assignment: Total 100 points

Using the readings from weeks 7 and 8 as a baseline provide the following test and analysis descriptions

or discussion:

1. Testing for Reflected Cross site scripting (OTG-INPVAL-001)

 The OWASP site list multiple approaches and examples for blackbox testing reflected XSS

vulnerabilities. In your own words, describe Reflected Cross Site scripting. Then, List and

describe 4 different examples that could be used for testing. Be sure to conduct additional

research for each example to provide your own unique test example. This most likely means you

will need to conduct some research on Javascript to make sure your syntax is correct.

2. Testing for Stored Cross site scripting (OTG-INPVAL-002)

 The OWASP site list multiple approaches and examples for blackbox testing Stored XSS

vulnerabilities. In your own words, describe Stored Cross Site scripting. Then, List and describe 2

different examples that could be used for testing. Be sure to conduct additional research for

each example to provide your own unique test example. This most likely means you will need to

conduct some research on Javascript to make sure your syntax is correct.

3. Testing for SQL Injection (OTG-INPVAL-005)

 SQL Injection remains a problem in applications yet could easily fixed. The following SQL

statement is in an HTML form as code with the $ variables directly input from the user.

SELECT * FROM Students WHERE EMPLID=’$EMPLID’ AND EMAIL=’$email’

Would a form or application that includes this code be susceptible to SQL Injection? Why?

What specific tests would you perform to determine if the applications was vulnerable?

How would you fix this problem? Be specific be providing the exact code in a Language of your choice.

(e.g. Java, PHP, Python …)

4. Test business logic data validation (OTG-BUSLOGIC-001)

 While reviewing some Java code, an analysis provided the following code snippets that contain

logic errors. For each example, describe the issue and provide code that would fix the logical

error:

a.

2

int x; x = x + 1; System.out.println(“X = ” + x);

b.

for (i=1; i<=5; i++) ; { System.out.println(“Number is ” + i); }

c.

if ( z > d) ; { System.out.println(“Z is bigger”); }

d.

String m1=”one”;

String m2=”two”;

if(m1 == m2) {

System.out.println(“M1 is equal to M2”);

}

e. The formula for the area of a trapezoid is:

A = (b1+b2)/2 * h

The following Java code is the implementation. Fix the logical error

double area;

double base1 = 2.3;

double base2 = 4.8;

double height = 12.5;

area = base1 + base2/2.0 * height;

Demonstrate your fixed code work as anticipated with a couple different test

cases.

5. Test integrity checks (OTG-BUSLOGIC-003)

 Conduct some additional research on Business Logic errors related to OTG-BUSLOGIC-003. In

your own words describe and provide 2 unique examples of integrity checks. For your

examples, provide specific testing methods for each case.

6. Test defenses against Circumvention of Work Flows (OTG-BUSLOGIC-006)

3

 Conduct some additional research on Business Logic errors related to OTG-BUSLOGIC-006. In

your own words describe and provide 2 unique examples of circumvention of work flow. For

your examples, provide specific testing methods for each case.

You should document the results for the tests and your comments, and recommendations for improved

security for each security control tested in a word or PDF document. Discuss any issues found and

possible mitigations.

Deliverables:

You should submit your document by the due date. Your document should be well-organized, include all

references used and contain minimal spelling and grammar errors.

Grading Rubric:

Attribute Meets

Reflected Cross site scripting

10 points Describes Reflected Cross Site scripting. Then, Lists and describes 4 different examples that could be used for testing. Conducts additional research for each example to provide your own unique test example.

Stored Cross site scripting

10 points Describes Stored Cross Site scripting. Then, Lists and describes 2 different examples that could be used for testing. Conducts additional research for each example to provide your own unique test example.

SQL Injection 25 points Answers: would a form or application that includes this code be susceptible to SQL Injection? Why? Answers: What specific tests would you perform to determine if the applications was vulnerable? Answers: How would you fix this problem? Provides the exact code in a Language of your choice.

Business logic data validation

15 points For each example, describes the issue and provides code that would fix the logical error.

Integrity checks 10 points Conducts research on Business Logic errors related to OTG-BUSLOGIC-003. In your own words describes and provides 2 unique examples of integrity checks. Provides specific testing methods for each case.

Defenses against workflow intervention

10 points Conducts research on Business Logic errors related to OTG-BUSLOGIC-006. In your own words describes and provides 2 unique examples of circumvention of work flow. Provides specific testing methods for each case.

Documentation and Submission

20 points Your document should be well-organized, include all references used and contain minimal spelling and grammar errors

  • GET SOLUTION FOR THIS ASSIGNMENT

    CLICK HERE TO MAKE YOUR ORDER

    TO BE RE-WRITTEN FROM THE SCRATCH

    NO PLAGIARISM

    • Original and non-plagiarized custom papers. Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
    • Timely Delivery. capitalessaywriting.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
    • Customer satisfaction. Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
    • Privacy and safety. It’s secure to place an order at capitalessaywriting.com We won’t reveal your private information to anyone else.
    • Writing services provided by experts. Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
    • Enjoy our bonus services. You can make a free inquiry before placing and your order and paying this way, you know just how much you will pay. Input Validation and Business Logic Security Controls
    • Premium papers. We provide the highest quality papers in the writing industry. Our company only employs specialized professional writers who take pride in satisfying the needs of our huge client base by offering them premium writing services.

    Get Professionally Written Papers From The Writing Experts 

    Green Order Now Button PNG Image | Transparent PNG Free Download on SeekPNG Our Zero Plagiarism Policy | New Essays

By admin

Academic tutoring services from the best essay writing company

Leave a Reply

Your email address will not be published. Required fields are marked *