W05 Activity: Security Analysis
Overview
Testing software for security vulnerabilities is a complex task. In fact, the task is so multi-faceted that a new industry has arisen around security testing. Teaching you how to become a security tester is beyond the scope of this class, but we can demonstrate some of the common techniques used by testers.
One of the key industry standards for security analysis is the OWASP Top Ten, a periodically updated list of the most common security vulnerabilities found in the industry. Most security analysts use the OWASP Top Ten as a guide for determining which security defects to look for in computer applications. We will look for security defects using it as a guide.
Scenario
The Teton Idaho Chamber of Commerce has asked the team to add an administration function that allows authenticated users to maintain the membership data. The team has started working on this feature and wants to analyze the current design for security flaws. The feature is not complete, but the authentication system is.
You have been asked to perform a security analysis on the 1.4 pre-release version of the site.
Instructions
Configure your test environment as follows (if you need a refresher, see W04 Activity: Setup a Local Test Environment):
- Use the Chamber of Commerce v1.4 file, cse270-v14.zip, to conduct your test.
- Start the web server by selecting the index.html file, then clicking the "Go Live" button in VS Code.
- Start the directory data service by opening a terminal in VS Code and issuing the following commands:
  - Windows
    cd directorydata_service
    python manage.py runserver
  - Mac
    cd directorydata_service
    python3 manage.py runserver
- Your environment is now set up to test security.
Submission
Return to Canvas and take the quiz, following the instructions one question at a time.