ITT-210 LAB 2

docx

School

Grand Canyon University *

*We aren’t endorsed by this school

Course

210

Subject

Computer Science

Date

Dec 6, 2023

Type

docx

Pages

8

Uploaded by ChefTreeRhinoceros36

Report
College Engineering and technology, Grand Canyon University ITT-210 Professor Spark 02/27/2023 Here is the loom link Video: https://www.loom.com/share/533697cb606344d09fbb0bf54e38b41e Here is the first screenshot values 1, 2, 3, 4 into registers eax, ebx, ecx, and edx. Here is the second screenshot reverse the values in registers, e.g., eax=4, ebx=3, etc.
1. Explain the use of abuse cases to validate software performance and security. Misuse and abuse cases describe how users Misuse or abuse weak controls in software functionality to attack applications. A direct attack on a business function that can generate revenue or provide a positive user experience can have a measurable impact on your business. Abuse cases are an effective way to drive security requirements to adequately protect these important business use cases. The abuse cases can also be an effective way to drive security requirements that lead to proper protection of these critical business use cases. An abuse case is a way to use a feature that was not expected by implementer. Common terms for this are misuse, and exploitation which leads to preying on weaknesses (within features) to attract an application. 2. Demonstrate understanding of the techniques specifying program behavior, the classes of well-known defects, and how they manifest themselves in various languages. Use comments to spec what is happening in different parts of the code Utilizing features of languages as the features of object-oriented programming to split the code into an easy-to-follow object. Some of the classes of well-known defects and how they manifest themselves in various languages are the following: Arithmetic-math errors, Syntax Defects-Spelling mistakes, Security Defects, Multiple process running at once could cause issues such as memory.
3. •Explain how poor coding affects security and can identify common coding errors. Demonstrate capability to author programs that are free from defects and document code with clear and succinct explanations such that other people can enhance and maintain the developed code. Poor coding can lead to vulnerabilities and holes within the system that people can use to access the system and take information out. Missing semicolon, misspelled words, commands wrong. Demonstrate capability to author programs that are free from defects and document code with clear and succinct explanations such that other people can enhance and maintain the developed code. It is impossible to have code without defect. Do not use partial trusted code that means code that is running less than full trust and not a-where of: 4. •Explain secure programming principles and practices. validate input > Validate input from all sources to eliminate majority of software vulnerabilities. Be careful of external data sources such as networking interfaces. Heed Compiler warnings >Compile code using highest warning level available for your compiler and eliminate warning by modifying code (Schiela, 2018). Use a variety of analysis tools to eliminate security flaws. Architect and design for security policies > Design a software architecture for implementing security policies. Enforce them more effectively by sectioning off subsections with different privileges sets.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Default Deny > Base access decisions on permissions rather than exclusion. This means that, by default, access denied, and the protection scheme identifies conditions under which access permitted. Sanitize data sent to other system > Sanitize data passed to complex subsystems. sanitized data through inputs helps to protect against attacks such as SQL injection. 5. •Identify constructive techniques (what process might provide for "good code"). Some constructive techniques to provide “good code” focus on code readability. Standardize headers for different modules, don’t use single identifiers for more than one purpose, and leave clear comments with comments with good documentation. You should also backup your code daily to prevent any data loss. When constructing your code make sure you are loading in reliable and secure libraries as well as when you are using open-source code. Create multiple security layers and configure the security settings towards what you’re applying the program to. SSDLC (Secure Software Development Life Cycle) is the traditional software development process with integrated multi-level built in testing and security. This means security is integrated when used there are substantial benefits including early flaw detection, additional protection against external attacks, and an increase in software needs. Basically, this process helps with finding flaws in code early in the development process. 6. •Analyze/interpret low level programs with the required complexity and sophistication to implement exploits for discovered vulnerabilities Buffer Overflow Attack is used to attack the memory. Feed inputs that are larger than expected. Example. Feeding a 20-byte value when 2 bytes are expected. Able to override code, prevent it
by: Exception handling prevents a user from using an input too large. Hardcoded. Randomizing address space prevents the hacker from knowing the location of the code, can’t execute if they can’t find it. Result from failing to filter untrusted input. Can happen when passing unfiltered data to the SQL Server (aka SQL Injection) Attacker can inject commands to retrieve clients' browsers, results in loss of data Cross-Site Scripting Attacker inputs JavaScript tags to user's web applications. When input is returned to the user, the browser would in turn execute. Example: On page load the script running would post users cookies to attacker
Low Level Exploit Process of finding vulnerabilities and exploiting them with scripts. A type of exploit that operates close to the kernel level in order to directly interface with hardware, take over processes, and exploit a machine’s security. Often done by rerouting a pointer to a malicious payload. May easily fly under the radar of common anti-virus.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Reference 3 ways abuse cases can drive security requirements . Application Security Blog. (2021, October 18). Retrieved February 22, 2023 , from https://www.synopsys.com/blogs/software- security/abuse-cases-can-drive-security-requirements/
Schiela, R. (2018, May 2). Top 10 secure coding practices . Top 10 Secure coding practices-CERT Secure coding confluence. Retrieved February 16, 2023, from https://wiki.sei.amu.edu/confluence/display/seccode/Top+10+Se Browser Stack . (2021, February 2). Coding standards and best practices to follow. Https://www.browserstack.com/guide/coding-standards-best-practices Risk Cyber Security. (2022, May 10). SDLC software development life cycle. RSK Cyber security. Retrieved February 16, 2023, from https://risk-cyber-security.com/consulting/secure- sdlc/.

Related Documents

mse7-1.pdf
SYS611A HW1.pdf
Assignment4_Fall23.pdf
Assignment3_Fall23.pdf
Assignment2_Fall23.pdf
AP NATS - 1575 Forensic Report.pdf
EDU534Topic2DQ2.docx
Network and Cloud Management Section quiz 3.pdf
Network and Cloud Management - pre reading 7.pdf
Lab #7 Digital Forensics(1).pdf
NOPE.docx
Ass05.docx
Recommended textbooks for you
Text book image
Np Ms Office 365/Excel 2016 I Ntermed
Computer Science
ISBN:9781337508841
Author:Carey
Publisher:Cengage
Text book image
Systems Architecture
Computer Science
ISBN:9781305080195
Author:Stephen D. Burd
Publisher:Cengage Learning
Text book image
MIS
Computer Science
ISBN:9781337681919
Author:BIDGOLI
Publisher:Cengage
Text book image
Enhanced Discovering Computers 2017 (Shelly Cashm...
Computer Science
ISBN:9781305657458
Author:Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Mark Frydenberg, Jennifer T. Campbell
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
SEE MORE TEXTBOOKS
Recommended textbooks for you
Text book image
Np Ms Office 365/Excel 2016 I Ntermed
Computer Science
ISBN:9781337508841
Author:Carey
Publisher:Cengage
Text book image
Systems Architecture
Computer Science
ISBN:9781305080195
Author:Stephen D. Burd
Publisher:Cengage Learning
Text book image
MIS
Computer Science
ISBN:9781337681919
Author:BIDGOLI
Publisher:Cengage
Text book image
Enhanced Discovering Computers 2017 (Shelly Cashm...
Computer Science
ISBN:9781305657458
Author:Misty E. Vermaat, Susan L. Sebok, Steven M. Freund, Mark Frydenberg, Jennifer T. Campbell
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781305971776
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
Text book image
Principles of Information Systems (MindTap Course...
Computer Science
ISBN:9781285867168
Author:Ralph Stair, George Reynolds
Publisher:Cengage Learning
SEE MORE TEXTBOOKS