uprm-inso4116-2024-2025-s1 / semester-project-SafeRUM

semester-project-safeRUM created by GitHub Classroom

[Lecture Topic Task] Set Up Security Testing Environment and Tools #305

Open noel-vargas opened 16 hours ago

noel-vargas commented 16 hours ago

Objective:

Establish a secure and controlled environment for conducting security testing on the SafeRUM sign-in/log-in system, including the installation and configuration of necessary security testing tools.

Task Description:

Set up a dedicated testing environment that mirrors the production system to safely conduct security assessments without risking disruption to live services. Install and configure security testing tools such as OWASP ZAP and Burp Suite, ensuring they are properly set up to interact with the application. This will provide the foundation for both automated and manual security testing in subsequent tasks.

Implementation:

Environment Setup:

Create a staging or test environment that replicates the production setup. Ensure the environment has all the necessary components (servers, databases) and that the authentication system is deployed there.

Tool Installation:

Install OWASP ZAP and Burp Suite on testing machines. Configure the tools to work with the SafeRUM application, including setting proxy settings if necessary.

Access Control:

Secure the testing environment to prevent unauthorized access. Ensure that test data is used instead of real user data to protect privacy.

Subtasks:

Set Up Test Environment:

Provision servers or use cloud services to replicate the production environment. Deploy the latest version of the authentication system to the test environment.

Install Security Tools:

Download and install OWASP ZAP. Download and install Burp Suite (community edition or licensed, as appropriate).

Configure Tools:

Configure the tools to intercept and analyze traffic between the client and server. Test the setup by running a simple scan to ensure everything is working correctly.

Testing and Debugging:

Verify that the testing tools can successfully interact with the application without causing errors. Ensure that the test environment is isolated from production to prevent any accidental interference. Conduct a sample scan and resolve any issues with tool configurations.

Deadline:

Completion Date: October 31, 2024
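One way to enforce the "isolated from production" requirement before any scan is started is a target scope check, shown here as an added example that is not part of the issue or the SafeRUM code base. The host names are constructed placeholders, and `check_scan_target` and `split_targets` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Constructed placeholder hosts: the issue does not name SafeRUM's real hosts.
STAGING_HOSTS = {"staging.saferum.example", "localhost", "127.0.0.1"}
PRODUCTION_HOSTS = {"saferum.example", "www.saferum.example"}


def check_scan_target(url, staging=STAGING_HOSTS, production=PRODUCTION_HOSTS):
    """Return (allowed, reason) for a URL about to be handed to a scanner."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "URL does not parse"
    if parts.scheme not in ("http", "https"):
        return False, "scheme must be http or https"
    if parts.username or parts.password:
        # e.g. https://staging.saferum.example@saferum.example/ targets production
        return False, "userinfo in URL obscures the real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in URL"
    if host in production:
        return False, host + " is a production host"
    if host not in staging:
        return False, host + " is not on the staging allowlist"
    return True, host + " is an allowlisted staging host"


def split_targets(urls):
    """Separate URLs that may be scanned from rejected (url, reason) pairs."""
    allowed, rejected = [], []
    for url in urls:
        ok, reason = check_scan_target(url)
        if ok:
            allowed.append(url)
        else:
            rejected.append((url, reason))
    return allowed, rejected


if __name__ == "__main__":
    sample = [  # constructed target list
        "https://staging.saferum.example/login",
        "https://saferum.example/login",
        "https://staging.saferum.example@saferum.example/login",
    ]
    ok, bad = split_targets(sample)
    print("scan:", ok)
    for url, why in bad:
        print("skip:", url, "->", why)
```

Only the URLs in the first list returned by `split_targets` should be passed to the scanner or added to the proxy's scope.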

lex939 commented 15 hours ago

Could you please specify which Lecture Topic you are covering from the list the team is using? Thank you.

noel-vargas commented 44 minutes ago

"Important Engineering Practices" and "Tools of the Designer"