Login system using PHP that connects to a MySQL backend database.
Budget £250-750 GBP
Secure Programming 1
Assignment 1
The purpose of this assignment is to give you some practical experience in attacking vulnerable source code and also
experience in trying to secure this insecure code.
You will be supplied with a simple Web application. The app is coded using PHP and connects to a MySQL backend database. There are two parts to the assignment, both worth the same (50/50).
You need to find weaknesses, exploit them and finally fix them.
For the first part of your assignment you need to analyse the code and look for possible weaknesses.
You then need to try to exploit any weakness you think you have identified. If you think a form field is vulnerable to XSS, then perform some attack to show the weakness.
(Only one example, per location, each field, is required to show that it is vulnerable).
For the second part of the assignment you need to try to secure the code, by correcting any flaws you find by writing new secure code.
Setup
Firstly you’ll need to get the code running so you can test it. You’ll need to set up a web server and a database; I suggest using WAMP, which is the easiest solution to automatically set everything up for you. You’ll also need to create a database and a table. The easiest way to do this is to use phpMyAdmin to create a database (test) and then run the SQL script I’ve included with the source to create and set up a table.
Once up and running you can start your assignment.
Section 1 (50%)
OK, you have some source code to review and try to break. There are plenty of basic errors in the code so you should be able to find some. You need to list each weakness that you think you have found and briefly mention what type of weakness it is. You should also try to exploit each weakness, with some real-world hacking.
You should highlight exactly what you did to exploit each weakness. If you find a possible weakness but fail to exploit
it, then you should still include it, and mention anything you tried in your attempt to exploit it.
Section 2 (50%)
The second part of your project is to correct the source code to fix as many of the identified weaknesses as you can. Your final corrected code must still run without changes needed by me.
You must correct the code I give you, not just hand me back a completely different app. If you tried to fix a bit of code but it won’t compile or gives errors, then include it in your source code, so I can see what you tried and where.
In your documentation you need to include a brief mention of each bit of code you tried to correct and how your code fixes the problem.
Deliverables
A zipped file with your completed report and all of the corrected source code uploaded to Moodle by the 8th of November (Sunday).
Note: MAX word count should be between 2,500 and 3,000 words, but reports can be considerably less. I don’t want a history of vulnerabilities in your report. Just what vulnerabilities you found, how you found them and how you fixed them in code.
22 freelancers are bidding an average of £513 for this job
Let's discuss more about project to finalize the proper scope with estimated cost and time so ping me over the freelancer chat. I am myself developer so you will directly work with me. No mediators. No managers. No
Hi Thanks for your valuable time. :-) Just reply with 'Yes' and We will come up with a. Detail project plan with our comments/queries. b. Best-feasible-real COST & TIMELINE Latest Projects : [login to view URL]
1. Tours Site + Booking Module We already designed and developed a complete portal for online tours listing with complete online bookings of tours with departures and much more other things in a complete cms based sol
Hello, my name is Olya. I represent Ukrainian IT Company «Webbook». We provide website design and web development services for organizations, public and government institutions, company or private web-pages. We got
Hello..I have an experience of more than 6 years in web development and maintenance. I have in-depth knowledge of php, mysql, jquery, paypal integrations, API's, css, html, html5. Our team is experienced, creative &
Hello, I am an PHP Certified Developer with more than 7 years of experience and shall get this done in about 15 days' time. Let me know if you have any doubts / queries about my expertise, will be more than hap
Hello Sir, First of all, we would like to tell you how we will initialize the project with you. According to your project description, our team would like to discuss with you, to get more understanding of the
Hello Sir, I am ready to start the work now, i am having 8 years of exp.....
Hello, I am Sr. web developer have strong debugging and coding skills. I am full stack developer with good knowledge of Java, PHP, JavaScript, MySQL, MongoDB, AngularJS, JQuery, HTML, Bootstrap, etc. I have creat
I have a lots of experience in C++,C#.net,JAVA, software Architecture, PHP, MySQL, Wordpress and Web Designing. my aim to deliver quality products to our customers within specified deadline. If hired by you I wil
Hi there, Nice to see your project. I am a developer with more than 8 years of experience with solid technical skills. I think I’m the best fit for the project. Here are our featured projects: http://ahp
Hi There, i own a company in India. I am having 4+ years of experience in Web Developement. We have a good strength of Web Developers. We provide training in Websites to college students and to software personnel.
Hi, I am new on this site, but I am a very experienced senior PHP developer. Thanks in advance.
Hello, I would like to your php assignment. I am Master in Computer Engineering So i know how to do this kind of assignment. Let me know if you have any questions! Thank you for your time,
Data Management : Our areas of interest or expertise: Excel, VBA, Advanced Formulas, Conditional Formatting, Pivot Tables, Slides Preparation and Financial Calculations, Drawing Comparison, Design Suggestions. Softwar
Hello, We are the group of web-developers "Shubhashish Group". We have more than 4 years of experience in developing of web-sites and mobile applications. We built some projects like this; we can develop a full funct
A team of network engineers and software developers We are a company of 20-25 employees majorly dealing with Networking and IT solutions. We have a dedicated teams on implementation and development.