security_project

security_project - 9/15/2009 CSE 565: Computer Security...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
1 9/15/2009 CSE 565: Computer Security Due: Oct. 1, 2009 Project 1 – Vulnerability Analysis 1. Background Vulnerability is a weakness in a system that makes it possible for a threat to precipitate. A threat is a potential occurrence that can have an undesirable effect on the system assets or resources. Vulnerabilities can stem from a lot of sources like improper coding, incorrect protocols or weak security policies. Most of the vulnerabilities occur due to improper coding practices or developer’s oversight. Common mistakes include, improper error handling, not validating user inputs, giving hints in comments, etc. One such common error by a developer is the absence of bounds checking while using data structures like arrays and pointers. This can give rise to vulnerabilities like ‘Buffer Overflows’ where malicious users can execute some code to get root/privileged access to a system. 2. Project Basics While in most cases, the security of an application may not directly depend on the developer’s coding practices and style, for a web application the converse may often be true. Most security infiltrations of web applications can be traced back to faulty coding practices and oversight. The core idea that this project aims to drive home is that security of any web application can be enhanced if the developer not only thinks like a developer but also like an adversary who can and will easily exploit any vulnerability in his code. Most malicious users do not use brute force techniques to launch attacks or gain access, rather they follow a step-by-step process to exploit vulnerabilities, which includes the use of interceptors, sniffers, packet modifiers, etc. The most basic of all tools used is to read through the source code and try to check for vulnerabilities which is what a system administrator would do before he publishes the code or the application. There is not much “busy-work” for this project, but it would require you to read up on certain
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 10/05/2009 for the course CSE 565 taught by Professor Shambhu during the Fall '09 term at SUNY Buffalo.

Page1 / 3

security_project - 9/15/2009 CSE 565: Computer Security...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online