OWASP top 10 DevSecOps research and mitigation testing


    You work for a company called ARU Dev Solutions LLC. They have contacted you to
    research the latest IT threats and are interested in the OWASP Top 10 vulnerabilities.
    Your job is to test for and document THREE of the following vulnerabilities:
    • A1 Injection
    • A2 Broken Authentication
    • A3 Sensitive Data Exposure
    • A4 XML External Entities (XXE)
    • A5 Broken Access Control
    • A6 Security Misconfiguration
    • A7 Cross-Site Scripting (XSS)
    • A8 Insecure Deserialization
    • A9 Using Components with Known Vulnerabilities
    • A10 Insufficient Logging & Monitoring
    ----------------------------------------
    Explain the Vulnerabilities and Mitigation
    Explain to the business executives why these vulnerabilities matter, including the
    potential risk to the business. You should link these vulnerabilities to the OWASP
    Top 10 2017. You are expected to provide real-world examples for each vulnerability
    discussed, together with code that has issues, which the student then corrects while
    suggesting better alternatives. The report is specifically for higher-ups in the business
    and needs to be readable by a layman (non-technical person). Please explain things in
    this technical report carefully.
    You should explain how you have researched/tested for each vulnerability, and how
    you would exploit each vulnerability. You should also explain why the vulnerability
    exists, and what is needed to mitigate it. Provide fully annotated example code to
    support your mitigation argument. The report should outline your researched test
    environment, such as an annotated network diagram, and justify the tools selected
    for testing with references and real-world cases. Creating your own environment
    with a vulnerability (a local website, for example) and then testing and correcting it
    will gain the highest marks. More information on this is in the marking section.
    ----------------------------------------
    Report Presentation and Referencing
    The report MUST include the following sections (and any sub-sections you might find
    useful):
    • Cover page
    • Contents page
    • Executive summary
    • OWASP Vulnerability One
        o Vulnerability
        o Mitigation
    • OWASP Vulnerability Two
        o Vulnerability
        o Mitigation
    • OWASP Vulnerability Three
        o Vulnerability
        o Mitigation
    • References
    • Appendix (if needed)
    All work should be supported with full in-text Harvard referencing. Please create
    sub-headings under these sections so your work is easier to read for an executive or
    layman (the legal term for a person without professional or specialized knowledge in a
    particular subject area).
    ----------------------------------------
    Guidance Resources:
    To help with this assessment further, here are some places with programs or
    examples that you could learn from (make sure to properly reference anything you
    use). Ultimately, you should create your own code.
    • https://github.com/find-sec-bugs/find-sec-bugs-demos – a good source of
    programs you can use that have vulnerable code

    February 3rd, 2023 | Categories: Management assignment help
