QR Code Research – Research how companies are using this technology. Is a QR Code an input or output device? What are the benefits? Is there a downside? Your answer should be a minimum of 100 words.QR Code Creation – Watch the video: QR Code Assignment, this will show how to create your own QR code. Use www.qrstuff.com to create your code.Create a Blog post in Blackboard. Submit your answer to the QR Code Research questions. Also post the QR Code you created. Use the Title: Personal QR Code. You can see an example at http://jneighborsbusn1190.blogspot.com/Review at least two student Personal QR Code posts. Using your SmartPhone or other QR Reading device, comment on what you believe their QR Code says.
Programming assignment 10 The shifted QR algorithm In class, we saw a version of the QR algorithm that started with a symmetric, tridiag- onal matrix A and successively found Ak = QkAk−1QT k so that the off-diagonal elements of Ak converge to 0. The eigenvalues of A then appear on the diagonal. In this assignment, we’re going to speed up the convergence of the sequence Ak. Let’s assume we have the tridiagonal matrix A = a1 b2 0 0 . . . 0 0 b2 a2 b3 0 . . . 0 0 0 b3 a3 b4 . . . 0 0 … … … … . . . … … 0 0 0 0 . . . an−1 bn 0 0 0 0 . . . bn an So ak = Ak,k and bk = Ak−1,k. If bn = 0, then the matrix has the form A = [A′ 0 0 an ] which shows us that an is an eigenvalue and that we can focus on finding the eigenvalues of the (n − 1) × (n − 1) matrix A′. So our goal will be to perform QR steps to make bn = 0. We will use λ1, λ2, . . . , λn to denote the eigenvalues of A. With some work, we could see that the rate at which bn → 0 in the QR algorithm is proportional to ∣ ∣ ∣ λn λn−1 ∣ ∣ ∣. To speed up convergence, we will form an estimate of λn, which we call σ, and then consider A − σI, whose eigenvalues are λj − σ. In this matrix, bn converges to 0 at a rate proportional to∣ ∣ ∣ λn−σ λn−1−σ ∣ ∣ ∣. If σ ≈ λn, then λn − σ is close to zero, which means the convergence will be rapid. To recover the eigenvalues of A, we add σ to the eigenvalues of A − σI. Here’s how we form σ, our estimate to λn. An easy way to estimate λn is just using the entry an = An,n. But a better estimate would be to consider the 2 × 2 matrix in the lower right corner: [an−1 bn bn an ] and find its eigenvalues, which are (an−1 + an) ± √(an−1 − an)2 + 4b2 n 2 . Choose σ to be the eigenvalue of the 2 × 2 matrix that is closest to an. Here’s how the algorithm works then. We input an n×n symmetric, tridiagonal matrix A and a tolerance .1. Set a variable shift = 0. 2. Find σ using the recipe above. 3. Redefine A = A − σI and shift = shift + sigma. 4. Perform one step of the QR method redefining A = QAQT using your previous code. 5. If |bn| < , then an is an eigenvalue of the shifted matrix. Recursively, find the eigenvalues of A′, the (n − 1) × (n − 1) matrix in the upper left corner of A and combine them with an. Add shift to all the eigenvalues and return. 6. If |bn| ≥ , go back to step 2 and repeat. Goal: Your goal is to write a function QR(A, tolerance) whose input parameters are an n × n symmetric, tridiagonal matrix A and a desired tolerance for the off-diagonal elements. Your function should return a list of eigenvalues of A. Some things to take note of: • A[:k, :k] will give you the k × k matrix in the upper left corner of A. • The last entry in a list l is l[-1] and the second to last is l[-2]. That means that A[-1,-1] is the entry in the lower right corner. • How do you find the eigenvalue of a 1 × 1 matrix? This is the final step in the recursion. A good example to test is the 9 × 9 matrix that computes a discrete approximation to the second derivative of a function (2’s on the diagonal and -1’s on the tridiagonal). Check your results against np.linalg.eig(A)[0]. If you count the number of steps, you should find convergence is incredibly fast. For instance, with a tolerance of 10−4 and using the 9 × 9 second-derivative matrix A, about 15 total steps are required, which is amazing. Remember when we looked at rates of convergence earlier and saw that fixed point iteration is linear and Newton’s method is quadratic? This method is cubic, which is very rare and very wonderful. Due to its rapid convergence, this algorithm was named one of the 10 most important algorithms of the 20th century. http://pi.math.cornell.edu/ ̃ajt/presentations/TopTenAlgorithms.pdf
Homework details: Input Validation and Business Logic Security Controls
Overview:
This homework will demonstrate your knowledge of testing security controls aligned with Input
validation and business logic. You will also use the recommended OWASP testing guide reporting format
to report your test findings.
Assignment: Total 100 points
Using the readings from weeks 7 and 8 as a baseline provide the following test and analysis descriptions
or discussion:
1. Testing for Reflected Cross site scripting (OTG-INPVAL-001)
The OWASP site list multiple approaches and examples for blackbox testing reflected XSS
vulnerabilities. In your own words, describe Reflected Cross Site scripting. Then, List and
describe 4 different examples that could be used for testing. Be sure to conduct additional
research for each example to provide your own unique test example. This most likely means you
will need to conduct some research on Javascript to make sure your syntax is correct.
2. Testing for Stored Cross site scripting (OTG-INPVAL-002)
The OWASP site list multiple approaches and examples for blackbox testing Stored XSS
vulnerabilities. In your own words, describe Stored Cross Site scripting. Then, List and describe 2
different examples that could be used for testing. Be sure to conduct additional research for
each example to provide your own unique test example. This most likely means you will need to
conduct some research on Javascript to make sure your syntax is correct.
3. Testing for SQL Injection (OTG-INPVAL-005)
SQL Injection remains a problem in applications yet could easily fixed. The following SQL
statement is in an HTML form as code with the $ variables directly input from the user.
SELECT * FROM Students WHERE EMPLID=’$EMPLID’ AND EMAIL=’$email’
Would a form or application that includes this code be susceptible to SQL Injection? Why?
What specific tests would you perform to determine if the applications was vulnerable?
How would you fix this problem? Be specific be providing the exact code in a Language of your choice.
(e.g. Java, PHP, Python …)
4. Test business logic data validation (OTG-BUSLOGIC-001)
While reviewing some Java code, an analysis provided the following code snippets that contain
logic errors. For each example, describe the issue and provide code that would fix the logical
error:
a.
2
int x; x = x + 1; System.out.println(“X = ” + x);
b.
for (i=1; i<=5; i++) ; { System.out.println(“Number is ” + i); }
c.
if ( z > d) ; { System.out.println(“Z is bigger”); }
d.
String m1=”one”;
String m2=”two”;
if(m1 == m2) {
System.out.println(“M1 is equal to M2”);
}
e. The formula for the area of a trapezoid is:
A = (b1+b2)/2 * h
The following Java code is the implementation. Fix the logical error
double area;
double base1 = 2.3;
double base2 = 4.8;
double height = 12.5;
area = base1 + base2/2.0 * height;
Demonstrate your fixed code work as anticipated with a couple different test
cases.
5. Test integrity checks (OTG-BUSLOGIC-003)
Conduct some additional research on Business Logic errors related to OTG-BUSLOGIC-003. In
your own words describe and provide 2 unique examples of integrity checks. For your
examples, provide specific testing methods for each case.
6. Test defenses against Circumvention of Work Flows (OTG-BUSLOGIC-006)
3
Conduct some additional research on Business Logic errors related to OTG-BUSLOGIC-006. In
your own words describe and provide 2 unique examples of circumvention of work flow. For
your examples, provide specific testing methods for each case.
You should document the results for the tests and your comments, and recommendations for improved
security for each security control tested in a word or PDF document. Discuss any issues found and
possible mitigations.
Deliverables:
You should submit your document by the due date. Your document should be well-organized, include all
references used and contain minimal spelling and grammar errors.
Grading Rubric:
Attribute Meets
Reflected Cross site scripting
10 points Describes Reflected Cross Site scripting. Then, Lists and describes 4 different examples that could be used for testing. Conducts additional research for each example to provide your own unique test example.
Stored Cross site scripting
10 points Describes Stored Cross Site scripting. Then, Lists and describes 2 different examples that could be used for testing. Conducts additional research for each example to provide your own unique test example.
SQL Injection 25 points Answers: would a form or application that includes this code be susceptible to SQL Injection? Why? Answers: What specific tests would you perform to determine if the applications was vulnerable? Answers: How would you fix this problem? Provides the exact code in a Language of your choice.
Business logic data validation
15 points For each example, describes the issue and provides code that would fix the logical error.
Integrity checks 10 points Conducts research on Business Logic errors related to OTG-BUSLOGIC-003. In your own words describes and provides 2 unique examples of integrity checks. Provides specific testing methods for each case.
Defenses against workflow intervention
10 points Conducts research on Business Logic errors related to OTG-BUSLOGIC-006. In your own words describes and provides 2 unique examples of circumvention of work flow. Provides specific testing methods for each case.
Documentation and Submission
20 points Your document should be well-organized, include all references used and contain minimal spelling and grammar errors
Original and non-plagiarized custom papers. Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
Timely Delivery. capitalessaywriting.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
Customer satisfaction. Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
Privacy and safety. It’s secure to place an order at capitalessaywriting.com We won’t reveal your private information to anyone else.
Writing services provided by experts. Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
Enjoy our bonus services. You can make a free inquiry before placing and your order and paying this way, you know just how much you will pay. Input Validation and Business Logic Security Controls
Premium papers. We provide the highest quality papers in the writing industry. Our company only employs specialized professional writers who take pride in satisfying the needs of our huge client base by offering them premium writing services.
Input Validation and Business Logic Security Controls
Overview:
This homework will demonstrate your knowledge of testing security controls aligned with Input
validation and business logic. You will also use the recommended OWASP testing guide reporting format
to report your test findings.
Assignment: Total 100 points
Using the readings from weeks 7 and 8 as a baseline provide the following test and analysis descriptions
or discussion:
1. Testing for Reflected Cross site scripting (OTG-INPVAL-001)
The OWASP site list multiple approaches and examples for blackbox testing reflected XSS
vulnerabilities. In your own words, describe Reflected Cross Site scripting. Then, List and
describe 4 different examples that could be used for testing. Be sure to conduct additional
research for each example to provide your own unique test example. This most likely means you
will need to conduct some research on Javascript to make sure your syntax is correct.
2. Testing for Stored Cross site scripting (OTG-INPVAL-002)
The OWASP site list multiple approaches and examples for blackbox testing Stored XSS
vulnerabilities. In your own words, describe Stored Cross Site scripting. Then, List and describe 2
different examples that could be used for testing. Be sure to conduct additional research for
each example to provide your own unique test example. This most likely means you will need to
conduct some research on Javascript to make sure your syntax is correct.
3. Testing for SQL Injection (OTG-INPVAL-005)
SQL Injection remains a problem in applications yet could easily fixed. The following SQL
statement is in an HTML form as code with the $ variables directly input from the user.
SELECT * FROM Students WHERE EMPLID=’$EMPLID’ AND EMAIL=’$email’
Would a form or application that includes this code be susceptible to SQL Injection? Why?
What specific tests would you perform to determine if the applications was vulnerable?
How would you fix this problem? Be specific be providing the exact code in a Language of your choice.
(e.g. Java, PHP, Python …)
4. Test business logic data validation (OTG-BUSLOGIC-001)
While reviewing some Java code, an analysis provided the following code snippets that contain
logic errors. For each example, describe the issue and provide code that would fix the logical
error:
a.
2
int x; x = x + 1; System.out.println(“X = ” + x);
b.
for (i=1; i<=5; i++) ; { System.out.println(“Number is ” + i); }
c.
if ( z > d) ; { System.out.println(“Z is bigger”); }
d.
String m1=”one”;
String m2=”two”;
if(m1 == m2) {
System.out.println(“M1 is equal to M2”);
}
e. The formula for the area of a trapezoid is:
A = (b1+b2)/2 * h
The following Java code is the implementation. Fix the logical error
double area;
double base1 = 2.3;
double base2 = 4.8;
double height = 12.5;
area = base1 + base2/2.0 * height;
Demonstrate your fixed code work as anticipated with a couple different test
cases.
5. Test integrity checks (OTG-BUSLOGIC-003)
Conduct some additional research on Business Logic errors related to OTG-BUSLOGIC-003. In
your own words describe and provide 2 unique examples of integrity checks. For your
examples, provide specific testing methods for each case.
6. Test defenses against Circumvention of Work Flows (OTG-BUSLOGIC-006)
3
Conduct some additional research on Business Logic errors related to OTG-BUSLOGIC-006. In
your own words describe and provide 2 unique examples of circumvention of work flow. For
your examples, provide specific testing methods for each case.
You should document the results for the tests and your comments, and recommendations for improved
security for each security control tested in a word or PDF document. Discuss any issues found and
possible mitigations.
Deliverables:
You should submit your document by the due date. Your document should be well-organized, include all
references used and contain minimal spelling and grammar errors.
Grading Rubric:
Attribute Meets
Reflected Cross site scripting
10 points Describes Reflected Cross Site scripting. Then, Lists and describes 4 different examples that could be used for testing. Conducts additional research for each example to provide your own unique test example.
Stored Cross site scripting
10 points Describes Stored Cross Site scripting. Then, Lists and describes 2 different examples that could be used for testing. Conducts additional research for each example to provide your own unique test example.
SQL Injection 25 points Answers: would a form or application that includes this code be susceptible to SQL Injection? Why? Answers: What specific tests would you perform to determine if the applications was vulnerable? Answers: How would you fix this problem? Provides the exact code in a Language of your choice.
Business logic data validation
15 points For each example, describes the issue and provides code that would fix the logical error.
Integrity checks 10 points Conducts research on Business Logic errors related to OTG-BUSLOGIC-003. In your own words describes and provides 2 unique examples of integrity checks. Provides specific testing methods for each case.
Defenses against workflow intervention
10 points Conducts research on Business Logic errors related to OTG-BUSLOGIC-006. In your own words describes and provides 2 unique examples of circumvention of work flow. Provides specific testing methods for each case.
Documentation and Submission
20 points Your document should be well-organized, include all references used and contain minimal spelling and grammar errors
Original and non-plagiarized custom papers. Our writers develop their writing from scratch unless you request them to rewrite, edit or proofread your paper.
Timely Delivery. capitalessaywriting.com believes in beating the deadlines that our customers have imposed because we understand how important it is.
Customer satisfaction. Customer satisfaction. We have an outstanding customer care team that is always ready and willing to listen to you, collect your instructions and make sure that your custom writing needs are satisfied
Privacy and safety. It’s secure to place an order at capitalessaywriting.com We won’t reveal your private information to anyone else.
Writing services provided by experts. Looking for expert essay writers, thesis and dissertation writers, personal statement writers, or writers to provide any other kind of custom writing service?
Enjoy our bonus services. You can make a free inquiry before placing and your order and paying this way, you know just how much you will pay. Input Validation and Business Logic Security Controls
Premium papers. We provide the highest quality papers in the writing industry. Our company only employs specialized professional writers who take pride in satisfying the needs of our huge client base by offering them premium writing services.