Input Validation and Business Logic Security Controls

SDEV 460 – Homework 4: Input Validation and Business Logic Security Controls

Overview

This homework will expand your knowledge of testing security controls related to input validation and business logic. You will also use the reporting format recommended in the OWASP Testing Guide to report your test findings.

Assignment (total 100 points)

Using the readings from weeks 7 and 8 as a baseline, analyze, test and document the results for the tutoring web application found on the SDEV virtual machine. Use both manual methods and automated tools (e.g., ZAP). The latter will let you discover more than a simple manual examination would.

Specific tests to be conducted include:

1. Testing for Reflected Cross Site Scripting (OTG-INPVAL-001)
   - What is the significance of testing for this vulnerability?
   - How many instances of the issue did an automated scan discover?
   - What is your recommendation to address any issues?
   - Can you place a simple JavaScript prompt (e.g., using DeleteSession.php as an example)?

2. Testing for Stored Cross Site Scripting (OTG-INPVAL-002)
   - What is the significance of testing for this vulnerability?
   - What happens when you attempt to add a pop-up window (e.g., <script>alert(document.cookie)</script>) to the email input field within the "index.html" page?
   - Can you demonstrate Stored Cross Site Scripting?

3. Testing for SQL Injection (OTG-INPVAL-005)
   - Did your manual and automated testing discover any SQL Injection vulnerabilities – if so, how many? (Note: there should be at least one instance.)
   - Name two or more steps you can take, according to the reading, to counter the issue.
   - Fix and test at least one instance of the vulnerabilities, showing your resulting source code and output.

4. Testing for Code Injection (OTG-INPVAL-012)
   - What is the significance of testing for this vulnerability?
   - What are at least two measures you can take to remediate this issue?
   - Can you input some simple HTML code or exploit Remote File Inclusion (RFI)?

5. Test business logic data validation (OTG-BUSLOGIC-001)
   - What are at least two examples of business logic errors? These could come from the various input forms or areas you discovered in prior homework assignments.
   - How can you protect against such errors?

6. Test integrity checks (OTG-BUSLOGIC-003)
   - Do drop-down menus exist, and are they appropriate for the application? Why does the use of drop-down menus help protect against this risk?
   - Does your manual or automated scan show the use of password "AUTOCOMPLETE"? What issue, if any, does the use of AUTOCOMPLETE pose?

7. Test defenses against application misuse (OTG-BUSLOGIC-007)
   - What is the significance of testing for this vulnerability?
   - Can adding additional characters in input fields cause unexpected results? Verify this for at least two instances.

General Guidelines

Document the results of the tests, your comments, and your recommendations for improved security for each security control tested in a Word or PDF document. Use the format recommended in chapter 5 of the OWASP Testing Guide. Provide screen captures and descriptions of the tests you conducted. Discuss any issues found and possible mitigations.

Note: Use the SDEV Virtual Machine you downloaded and used for SDEV 300. The URL is here if you need to download it again: https://citeapps.umuc.edu/SDEV/ The VM runs on the latest version of Oracle VirtualBox. Directions for reinstalling the Tutoring Web Application are also included in the course materials, which also list any required passwords.

Deliverables

Submit your document by the due date. Your document should be well organized, use the OWASP recommended reporting format, include all references used, and contain minimal spelling and grammar errors.

Grading Rubric

Attribute: Reflected Cross Site Scripting (10 points)
Meets: Tests for Reflected Cross Site Scripting (OTG-INPVAL-001) as applied to the sample tutor application (5 points). Discusses the significance of testing for this vulnerability (1 point). Discusses and demonstrates whether a user can place a simple JavaScript prompt (4 points).

Attribute: Stored Cross Site Scripting (10 points)
Meets: Tests for Stored Cross Site Scripting (OTG-INPVAL-002) as applied to the sample tutor application (5 points). Discusses the significance of testing for this vulnerability (2 points). Discusses and demonstrates whether a user can perform Stored Cross Site Scripting and attempt to add a pop-up window (3 points).

Attribute: SQL Injection (20 points)
Meets: Tests for SQL injection (OTG-INPVAL-005) as applied to the sample tutor application (5 points). Names two or more mitigation steps according to the reading or other research (5 points). Fixes and tests at least one discovered SQL injection, and displays the source code changes and resulting test output.
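As an added example for items 2 and 3 (not code from the assignment or from the SDEV tutoring application), the following PHP shows a hypothetical handler that stores a student's e-mail address, first in the string-concatenated form that a SQL injection scanner flags and then with the remediations the readings describe: input validation plus a prepared statement on the way in, and HTML output encoding on the way out. The table and column names are assumptions; it runs stand-alone against an in-memory SQLite database (pdo_sqlite extension required).

```php
<?php
// Added example, not code from the assignment or the SDEV tutoring application.
// Hypothetical handler that stores a student's e-mail and later displays it,
// in its vulnerable form and its fixed form. Table/column names are assumed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE students (id INTEGER PRIMARY KEY, email TEXT NOT NULL)');

// BEFORE (OTG-INPVAL-005): the input is spliced into the SQL text, so any quote
// in $email becomes part of the query rather than part of the stored value.
function saveEmailVulnerable(PDO $pdo, string $email): void
{
    $pdo->exec("INSERT INTO students (email) VALUES ('$email')");
}

// AFTER, remediation step 1: validate against the format the field expects and
// bind the value as a parameter so the database never parses it as SQL.
function saveEmailFixed(PDO $pdo, string $email): void
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('rejected: not an e-mail address');
    }
    $stmt = $pdo->prepare('INSERT INTO students (email) VALUES (:email)');
    $stmt->execute([':email' => $email]);
}

// AFTER, remediation step 2 (OTG-INPVAL-002): encode on output so anything that
// did get stored renders as text, not as markup or script.
function renderEmailCell(string $email): string
{
    return '<td>' . htmlspecialchars($email, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// Constructed inputs: an apostrophe that is legitimate in an address, and the
// pop-up payload named in the assignment.
$apostrophe = "o'brien@example.com";
$popup      = '<script>alert(document.cookie)</script>';

try {
    saveEmailVulnerable($pdo, $apostrophe);   // the quote terminates the literal
} catch (PDOException $e) {
    echo "vulnerable handler: query broken by a single quote\n";
}
saveEmailFixed($pdo, $apostrophe);             // stored intact as data
try {
    saveEmailFixed($pdo, $popup);              // rejected before reaching the database
} catch (InvalidArgumentException $e) {
    echo "fixed handler: {$e->getMessage()}\n";
}
echo renderEmailCell($popup), "\n";            // angle brackets are entity-encoded
echo $pdo->query('SELECT COUNT(*) FROM students')->fetchColumn(), " row(s) stored\n";
```

For the write-up, the before/after functions and the two echoed outcomes are the kind of source-code change and test output the rubric asks you to display.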